Re: Nmap shows port 21 is open with no ftp daemon installed.

To: debian-user@lists.debian.org
Subject: Re: Nmap shows port 21 is open with no ftp daemon installed.
From: John Hasler <jhasler@debian.org>
Date: Mon, 08 Jun 2009 07:27:00 -0500
Message-id: <[🔎] 8763f69ai3.fsf@thumper.dhh.gt.org>
In-reply-to: <[🔎] 4A2CCA88.8050001@gmail.com> (Rod James Bio's message of "Mon\, 08 Jun 2009 16\:23\:36 +0800")
References: <[🔎] 4A2CCA88.8050001@gmail.com>

Does nmap claim there is actually something listening on port 21 or is it
that the port is simply not "stealthed"?  Post the actual nmap output.
Some security sites (such as www.grc.com) make the (IMHO bogus) claim that
not having all ports "stealthed" is a security risk.  Your friend may have
seen this and misunderstood.

Rod writes:
> So he asked other people and they told him that his machine was
> hacked. The lsof and netstat was modified. The port 21 was a backdoor
> placed by the hacker.

It does not seem plausible that a cracker would install a rootkit that
would listen on the standard port.  Do you have any reason to believe that
these other people know what they are talking about?

-- 
John Hasler

Reply to:

Follow-Ups:
- Re: Nmap shows port 21 is open with no ftp daemon installed.
  - From: Rod James Bio <rjubio@gmail.com>

References:
- Nmap shows port 21 is open with no ftp daemon installed.
  - From: Rod James Bio <rjubio@gmail.com>

Prev by Date: Re: connecting cable modem through usb port
Next by Date: Re: Nmap shows port 21 is open with no ftp daemon installed.
Previous by thread: Re: Nmap shows port 21 is open with no ftp daemon installed.
Next by thread: Re: Nmap shows port 21 is open with no ftp daemon installed.
Index(es):
- Date
- Thread