Yup, if you look at the number 31337 it spells ELEET which should tell you straight away that you have been compromised.. -Nix At 11:52 PM 9/02/2001, you wrote:

There is an exploit usually called bindshell that listens on port 31337. Try a telnet yourmachine 31337 and see.

--- Bogdan Zapca System Administrator SC EcoSoft SA Internet Service Provider 1-7 Deva st, Cluj-Napoca, Romania Tel: +40 64 199696 PGP: http://www.itotal.ro/lupe@admin2.ecosoft.ro.pgp http://www.ecosoft.ro

On Fri, 9 Feb 2001, Andreas Frowein wrote:

...

hey list,

the last days i wanted to check my (older) suse-system with nmap. i am new to nmap and have got a question about the results, because local and remote are different:

used syntax: nmap -sF -v -v -v ...

local result (nmap V 2.02): Port State Protocol Service 21 open tcp ftp 22 open tcp ssh 25 open tcp smtp 53 open tcp domain 110 open tcp pop3

remote result (nmap V. 2.53, working on a trusted system): Port State Service 21/tcp open ftp 22/tcp open ssh 25/tcp open smtp 53/tcp open domain 80/tcp open http 110/tcp open pop-3 139/tcp open netbios-ssn 8080/tcp open http-proxy 31337/tcp open Elite

i surely know that there is NO netbios working and what about the port 31337/tcp ? back orifice is working on 31337/UDP and that just on window-boxes...but we are speaking of a linux-server. is this a problem of the "old" nmap version used for the local scan?

does anybody know? any help is appreciated. many thanks in advance,

regards,

andreas

--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com

--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com

--- Nix - nix@susesecurity.com http://www.susesecurity.com