hacked?
I've noticed something odd, I did an nmap localhost after messing with
inetd.conf, and say a weird port open.
I ran it again and it wasn't there. Mostly I see just the normal services I
am running, but 1 in a dozen nmap scans (as root) show some ports that are
open for a second or so. Why would these ports be open, below is an example
of some of the ports.
I put an nmap localhost in loop to capture the info, also I ran a ps -ef in
a loop and I let it run for a couple of days and I didn't see anything
unusual. Am I hacked?
1359/tcp open ftsrv
2120/tcp open kauth
2241/tcp open ivsd
1452/tcp open gtegsc-lm
4444/tcp open krb524
3306/tcp open mysql
1358/tcp open connlcli
1652/tcp open xnmp
1433/tcp open ms-sql-s
3389/tcp open msrdp
1506/tcp open utcd
1386/tcp open checksum
2021/tcp open servexec
2564/tcp open hp-3000-telnet
1445/tcp open proxima-lm
1369/tcp open gv-us
1444/tcp open marcam-lm
_________________________________________________________________
Add photos to your e-mail with MSN 8. Get 2 months FREE*.
http://join.msn.com/?page=features/featuredemail
Reply to: