Security Incidents mailing list archives

Re: strange, strange stuff


From: Peter Moody <peter.moody () lutris com>
Date: Mon, 26 Mar 2001 23:30:16 -0800

Hugo van der Kooij wrote:
On Mon, 26 Mar 2001, Max Gribov wrote:

I did my weekly sweep of my machine, which involves portscans, log
reviews, etc., and during nmap'ing I came across this:

four consecutive nmaps below:

--------------------------------
Starting nmap V. 2.54BETA7 ( www.insecure.org/nmap/ )
Strange read error from 127.0.0.1 (104): Operation now in progress
Strange read error from 127.0.0.1 (104): Operation now in progress
Strange read error from 127.0.0.1 (104): Operation now in progress
Interesting ports on localhost (127.0.0.1):
(The 65494 ports scanned but not shown below are in state: closed)
Port       State       Service
22/tcp     open        ssh
113/tcp    open        auth
1918/tcp   open        unknown
2643/tcp   open        unknown
4986/tcp   open        unknown
6000/tcp   open        X11

....

Why would someone use nmap on a local machine? I guess `lsof` and
`netstat -na` would be more reliable.


some trojans employ root kits which can hide the fact that they are listening
on certain ports.  in these cases, lsof and netstat wouldn't help...


--
Peter Moody          Systems Administrator      
Lutris Technologies  peter.moody () lutris com
:wq
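
The cross-check this reply argues for, as an added example that is not part of the original thread: compare the listeners the kernel reports (the table `netstat` reads on Linux) with the ports that actually accept a connection. The function names and the sample kernel table are constructed for illustration; the open-port list is the one from the nmap output quoted above. Assumes Linux and IPv4 only.

```python
import socket

# Constructed sample of /proc/net/tcp (IPv4); state 0A means LISTEN, 01 ESTABLISHED.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 00000000:0071 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 00000000:1770 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003
   3: 0100007F:8000 0100007F:0016 01 00000000:00000000 00:00000000 00000000   500        0 1004
"""
# Open ports as listed in the nmap output quoted in the thread.
SCANNED_OPEN = {22, 113, 1918, 2643, 4986, 6000}

def listening_ports(proc_net_tcp_text):
    """Ports the kernel reports in LISTEN state, parsed from /proc/net/tcp text."""
    ports = set()
    for line in proc_net_tcp_text.splitlines()[1:]:   # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != "0A":       # keep LISTEN sockets only
            continue
        ports.add(int(fields[1].rsplit(":", 1)[1], 16))  # port is hex after ':'
    return ports

def connect_scan(host, ports, timeout=0.2):
    """Ports on host that complete a TCP handshake (a plain connect scan)."""
    reachable = set()
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                reachable.add(port)
    return reachable

def unexplained(reported, reachable):
    """Ports that answer on the wire but are absent from the kernel's own listing."""
    return sorted(set(reachable) - set(reported))

if __name__ == "__main__":
    with open("/proc/net/tcp") as fh:                  # same source netstat uses
        reported = listening_ports(fh.read())
    reachable = connect_scan("127.0.0.1", range(1, 65536))
    # A non-empty result is a lead to investigate, not proof of a rootkit:
    # short-lived listeners can appear or vanish between the two snapshots.
    print("open but not reported:", unexplained(reported, reachable))
```

Running the connect scan from a second, trusted machine gives a stronger comparison, since a kernel-level rootkit can also filter what local tools see on loopback.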

