Re: Nmap shows port 21 is open with no ftp daemon installed.

To: "debian-user@lists.debian.org" <debian-user@lists.debian.org>
Subject: Re: Nmap shows port 21 is open with no ftp daemon installed.
From: Sjoerd Hardeman <sjoerd@lorentz.leidenuniv.nl>
Date: Mon, 08 Jun 2009 10:27:05 +0200
Message-id: <[🔎] 4A2CCB59.5010508@lorentz.leidenuniv.nl>
In-reply-to: <[🔎] 4A2CCA88.8050001@gmail.com>
References: <[🔎] 4A2CCA88.8050001@gmail.com>

Rod James Bio wrote:

Hi, I've been wondering about my friends case. Seems that when henmapped his machine port 21 is open, but there is no ftp daemoninstalled. He tried
"lsof -i :21"
but it did not return anything. He also tried
"netstat -an | grep 21"
also nothing.
So he asked other people and they told him that his machine was hacked.The lsof and netstat was modified. The port 21 was a backdoor placed bythe hacker. Now I am not really contented with this answers. Anysuggestions?

Try
 'telnet your.friends.ip 21'
if that works, something is definitely wrong with your friends pc.

If so, check the process list and see if you find anything you don'trecognize. Kill that process, and try to telnet again. Do all of thiswith only a local network connection, so nobody from the internet canreach the possibly hijacked pc.However, when hacked reinstalling might be the fastest way to get rid ofany malicious software.


Sjoerd

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

References:
- Nmap shows port 21 is open with no ftp daemon installed.
  - From: Rod James Bio <rjubio@gmail.com>

Prev by Date: Nmap shows port 21 is open with no ftp daemon installed.
Next by Date: Re: Nmap shows port 21 is open with no ftp daemon installed.
Previous by thread: Nmap shows port 21 is open with no ftp daemon installed.
Next by thread: Re: Nmap shows port 21 is open with no ftp daemon installed.
Index(es):
- Date
- Thread