Mailinglist Archive: opensuse-security (636 mails)

< Previous Next >
Re: AW: [suse-security] server-check
  • From: Togan Muftuoglu <toganm@xxxxxxxx>
  • Date: Sat, 10 Feb 2001 19:29:32 +0200
  • Message-id: <3A857A7C.2605C24C@xxxxxxxx>
Thomas Lamy wrote:
>
> And again, as always mentioned on this list: If the machine was attacked and
> you have finished the forensic analysis, format the harddisk and do a fresh
> install from CD-ROM. It sure would help if you knew how the attacker came
> in, and which other machines on your net have also been compromised...

OK I think I have found the problem ( crossing my fingers for an expert
verification)

It's the firewall-custom rules generating these I have tried with and
without the custom rules and nmap gave different results

without custome rules

Starting nmap V. 2.53 by fyodor@xxxxxxxxxxxx ( www.insecure.org/nmap/ )
Host localhost (127.0.0.1) appears to be up ... good.
Initiating FIN,NULL, UDP, or Xmas stealth scan against localhost
(127.0.0.1)
The UDP or stealth FIN/NULL/XMAS scan took 7 seconds to scan 1523 ports.
Interesting ports on localhost (127.0.0.1):
(The 1511 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
119/tcp open nntp
444/tcp open snpp
515/tcp open printer
888/tcp open accessbuilder
4557/tcp open fax
4559/tcp open hylafax
6000/tcp open X11


with custom rules

Starting nmap V. 2.53 by fyodor@xxxxxxxxxxxx ( www.insecure.org/nmap/ )
Host localhost (127.0.0.1) appears to be up ... good.
Initiating FIN,NULL, UDP, or Xmas stealth scan against localhost
(127.0.0.1)
The UDP or stealth FIN/NULL/XMAS scan took 5 seconds to scan 1523 ports.
Interesting ports on localhost (127.0.0.1):
(The 1508 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
119/tcp open nntp
444/tcp open snpp
515/tcp open printer
888/tcp open accessbuilder
4557/tcp open fax
4559/tcp open hylafax
6000/tcp open X11
12345/tcp open NetBus
12346/tcp open NetBus
31337/tcp open Elite



--
Togan Muftuoglu

< Previous Next >
References