Security Incidents mailing list archives
Re: strange, strange stuff
From: Peter Moody <peter.moody () lutris com>
Date: Mon, 26 Mar 2001 23:30:16 -0800
Hugo van der Kooij wrote:
On Mon, 26 Mar 2001, Max Gribov wrote:I did my weekly sweep of my machine, which involves portscans, log reviews, etc, and during nmap'ing i came across this: four consequtive nmaps below: -------------------------------- Starting nmap V. 2.54BETA7 ( www.insecure.org/nmap/ ) Strange read error from 127.0.0.1 (104): Operation now in progress Strange read error from 127.0.0.1 (104): Operation now in progress Strange read error from 127.0.0.1 (104): Operation now in progress Interesting ports on localhost (127.0.0.1): (The 65494 ports scanned but not shown below are in state: closed) Port State Service 22/tcp open ssh 113/tcp open auth 1918/tcp open unknown 2643/tcp open unknown 4986/tcp open unknown 6000/tcp open X11.... Why would someone use nmap to a local machine. I guess `lsof` and `netstat -na` would be more reliable.
some trojans employ root kits which hide can hide the fact that they are listening on certain ports. in thess cases, lsof and netstat wouldn't help... -- Peter Moody Systems Administrator Lutris Technologies peter.moody () lutris com :wq
Current thread:
- strange, strange stuff Max Gribov (Mar 26)
- Re: strange, strange stuff Hugo van der Kooij (Mar 26)
- Re: strange, strange stuff Peter Moody (Mar 27)
- Re: strange, strange stuff Erik (Mar 28)
- Re: strange, strange stuff Jason Boyer (Mar 27)
- Re: strange, strange stuff Hugo van der Kooij (Mar 26)