Security Incidents mailing list archives
Re: Port 9088
From: Todd Meister <todd () LMI NET>
Date: Wed, 4 Oct 2000 17:55:38 -0700
Since that posting, I discovered (by checking the results of the portscan manually) that most of the hosts reported were actually Flowpoint DSL routers. There were also a couple strange boxes, the identity of which I haven't resolved.

-Todd

On 05-Oct-2000 Christopher Tresco wrote:

It has been my experience that when nmap says filtered it isn't blocked w/ ipchains. Usually that would mean the router filters that port.

-----Original Message-----
From: Incidents Mailing List [mailto:INCIDENTS () SECURITYFOCUS COM]On Behalf Of Todd Meister
Sent: Wednesday, October 04, 2000 5:19 PM
To: INCIDENTS () SECURITYFOCUS COM
Subject: Port 9088

Interesting ports on hax0red.whoopsie.com (10.0.0.3):
Port    State     Protocol  Service
9088    filtered  tcp       unknown

All of them are filtered. I see two possibilities -- the cracker in question is using ipchains or something similar to secure the rootshell against other barbarian hordlings, or perhaps there is some service that actually runs at 9088.

So my question is, is there some software or other that listens on this port, or is there a pretty good chance that every IP reporting an open port 9088 has been compromised? Is there a way of testing, even though nmap reports the port as filtered?