Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Am I owned on port 27665

From: "Colin Copley" <colin.75 () btinternet com>
Date: Wed, 18 Oct 2006 19:29:27 +0100
Trinoo_master details, incl default password, filenames etc can be found here - http://staff.washington.edu/dittrich/misc/trinoo.analysis 

You might want to nmap the server from inside the network just to make sure.
Regards
Colin


"Faheem SIDDIQUI" <fahimdxb () gmail com> wrote:
On my Cisco Router, I do a nmap from outside on the Internet. The result is: 

" Interesting ports on *.*.50.1:
Not shown: 1676 closed ports
PORT STATE SERVICE
23/tcp filtered telnet
135/tcp filtered msrpc
1524/tcp filtered ingreslock
27665/tcp filtered Trinoo_Master
I am worried about the last two entries. The last nmap was done in Feb this year and I have confirmed that the two ports did not exist. Though the state "filtered" is a solace but I am still concerned. How can O be sure that the system has not been compromised? 




---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: