Security Basics mailing list archives

Re: Am I owned on port 27665

From: Andre Lauw <andre.lauw () gmail com>
Date: Thu, 19 Oct 2006 08:58:19 +0200

Faheem SIDDIQUI wrote:

On my Cisco Router, I do a nmap from outside on the Internet. The result
is:

" Interesting ports on *.*.50.1:
Not shown: 1676 closed ports
PORT STATE SERVICE
23/tcp filtered telnet
135/tcp filtered msrpc
1524/tcp filtered ingreslock
27665/tcp filtered Trinoo_Master

I am worried about the last two entries. The last nmap was done in Feb
this year and I have confirmed that the two ports did not exist.
Though the state "filtered" is a solace but I am still concerned. How
can O be sure that the system has not been compromised?

Also the current IOS Version on my Router is 12.4. It was the same case
when I was using older v 12.2 on another router, so I thought maybe,
it's an IOS issue and I upgraded my Router to 2811 with IOS v 12.4.

But as soon as I plugged it into the circuit, I realised the nmap again
gives the trinoo_master entry with state as filtered.

Where could lie the problem. Is it with my firewall configuration behind
the router?

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic
Excellence in Information Security. Our program offers unparalleled
Infosec management education and the case study affords you unmatched
consulting experience. Using interactive e-Learning technology, you can
earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

I did some search on google and I found this
(http://www.cert.org/incident_notes/IN-99-07.html) on cert and for more
detailed info about trinoo
(http://staff.washington.edu/dittrich/misc/trinoo.analysis).

Good luck,
Andre

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

Current thread:

Re: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails, (continued)
- Re: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Devdas Bhagat (Oct 18)
- Re: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Kenton Smith (Oct 17)
- RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Laundrup, Jens (Oct 17)
- RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Oftedahl, Douglas (Oct 17)
- Re: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Kenton Smith (Oct 17)
- RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Petter Bruland (Oct 17)
- RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Hagen, Eric (Oct 17)
- RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Wise, Ben (Oct 18)
  - Am I owned on port 27665 Faheem SIDDIQUI (Oct 18)
    - Re: Am I owned on port 27665 Colin Copley (Oct 19)
    - Re: Am I owned on port 27665 Andre Lauw (Oct 19)
    - Re: Am I owned on port 27665 nick (Oct 19)