Hi everyone, Running nmap localy I have seen I have two instances of Netbus on port 12345 and 12346 Which puts me in paranoid and port 31337 IIRC it is a bindshell exploit. This machine is not connected to any Windows machines locally only laptop which is running linux as well 1) Do I have a trojan working behind or is it me who needs an aspirin 2) How trusty is running nmap locally if you have already been carrying Starting nmap V. 2.53 by fyodor@insecure.org ( www.insecure.org/nmap/ ) Host (xxx.xxx.xxx.xxx) appears to be up ... good. Initiating FIN,NULL, UDP, or Xmas stealth scan against (xxx.xxx.xxx.xxx) The UDP or stealth FIN/NULL/XMAS scan took 7 seconds to scan 1523 ports. Interesting ports on (xxx.xxx.xxx.xxx): (The 1507 ports scanned but not shown below are in state: closed) Port State Service 22/tcp open ssh 25/tcp open smtp 37/tcp open time 80/tcp open http 111/tcp open sunrpc 119/tcp open nntp 444/tcp open snpp 515/tcp open printer 888/tcp open accessbuilder 901/tcp open samba-swat 4557/tcp open fax 4559/tcp open hylafax 6000/tcp open X11 12345/tcp open NetBus 12346/tcp open NetBus 31337/tcp open Elite Nmap run completed -- 1 IP address (1 host up) scanned in 7 seconds when I do fuser -n tcp 12345 or 12346 or 31337 there is nothing running Any ideas on what the hell is going on -- Togan Muftuoglu