hacked?

To: debian-user@lists.debian.org
Cc: moebinkerman@hotmail.com
Subject: hacked?
From: "Moe Binkerman" <moebinkerman@hotmail.com>
Date: Mon, 16 Jun 2003 06:29:57 -0400
Message-id: <[🔎] BAY1-F125vdGmxCvKbb00041f51@hotmail.com>

I've noticed something odd, I did an nmap localhost after messing withinetd.conf, and say a weird port open.I ran it again and it wasn't there. Mostly I see just the normal services Iam running, but 1 in a dozen nmap scans (as root) show some ports that areopen for a second or so. Why would these ports be open, below is an exampleof some of the ports.

I put an nmap localhost in loop to capture the info, also I ran a ps -ef ina loop and I let it run for a couple of days and I didn't see anythingunusual. Am I hacked?



1359/tcp   open        ftsrv
2120/tcp   open        kauth
2241/tcp   open        ivsd
1452/tcp   open        gtegsc-lm
4444/tcp   open        krb524
3306/tcp   open        mysql
1358/tcp   open        connlcli
1652/tcp   open        xnmp
1433/tcp   open        ms-sql-s
3389/tcp   open        msrdp
1506/tcp   open        utcd
1386/tcp   open        checksum
2021/tcp   open        servexec
2564/tcp   open        hp-3000-telnet
1445/tcp   open        proxima-lm
1369/tcp   open        gv-us
1444/tcp   open        marcam-lm

_________________________________________________________________

Add photos to your e-mail with MSN 8. Get 2 months FREE*.http://join.msn.com/?page=features/featuredemail

Reply to:

Follow-Ups:
- Re: hacked?
  - From: Joey Hess <joeyh@debian.org>

Prev by Date: Re: /usr/bin/apt-listchanges: No such file or directory
Next by Date: Re: Low latency patch worth the fuss?
Previous by thread: Re: /usr/bin/apt-listchanges: No such file or directory
Next by thread: Re: hacked?
Index(es):
- Date
- Thread