Security Basics mailing list archives
Re: Am I owned on port 27665
From: Andre Lauw <andre.lauw () gmail com>
Date: Thu, 19 Oct 2006 08:58:19 +0200
Faheem SIDDIQUI wrote:
On my Cisco Router, I do a nmap from outside on the Internet. The result is: " Interesting ports on *.*.50.1: Not shown: 1676 closed ports PORT STATE SERVICE 23/tcp filtered telnet 135/tcp filtered msrpc 1524/tcp filtered ingreslock 27665/tcp filtered Trinoo_Master I am worried about the last two entries. The last nmap was done in Feb this year and I have confirmed that the two ports did not exist. Though the state "filtered" is a solace but I am still concerned. How can O be sure that the system has not been compromised? Also the current IOS Version on my Router is 12.4. It was the same case when I was using older v 12.2 on another router, so I thought maybe, it's an IOS issue and I upgraded my Router to 2811 with IOS v 12.4. But as soon as I plugged it into the circuit, I realised the nmap again gives the trinoo_master entry with state as filtered. Where could lie the problem. Is it with my firewall configuration behind the router? --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
I did some search on google and I found this (http://www.cert.org/incident_notes/IN-99-07.html) on cert and for more detailed info about trinoo (http://staff.washington.edu/dittrich/misc/trinoo.analysis). Good luck, Andre --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Re: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails, (continued)
- Re: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Devdas Bhagat (Oct 18)
- Re: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Kenton Smith (Oct 17)
- RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Laundrup, Jens (Oct 17)
- RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Oftedahl, Douglas (Oct 17)
- Re: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Kenton Smith (Oct 17)
- RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Petter Bruland (Oct 17)
- RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Hagen, Eric (Oct 17)
- RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Wise, Ben (Oct 18)
- Am I owned on port 27665 Faheem SIDDIQUI (Oct 18)
- Re: Am I owned on port 27665 Colin Copley (Oct 19)
- Re: Am I owned on port 27665 Andre Lauw (Oct 19)
- Re: Am I owned on port 27665 nick (Oct 19)
- Am I owned on port 27665 Faheem SIDDIQUI (Oct 18)