Security Basics mailing list archives

Re: Am I owned on port 27665


From: flur () d1f org
Date: 20 Oct 2006 06:41:27 -0000

I would check the router configuration to ensure that port 27665 on your router isn't forwarding to any machines on 
your local network. I would also run portscans on all machines within your network to ensure that no rogue ports are 
open there. The fact that your router is dropping packets to this port does not indicate that you've been owned- often 
times routers are configured to drop traffic on known malicious ports- and it looks like this is what your router is 
doing. The fact that the state is filtered can be explained by the fact that your router is simply ignoring traffic on 
this port without sending the appropriate replies back to the host performing the nmap scan (i.e. your router is 
dropping instead of denying).

There is lots of discussion around whether it is better to drop or deny. Dropping packets is perceived to be more 
resilient to denial of service attacks- but if someone wanted to DoS you they would likely find some responsive port to 
direct traffic to so it may be worth the trouble to try and deny traffic instead.

Essentially however, you are at very little risk of having had your machine compromised. If you were compromised, it is 
likely not related to this port as given that it is filtered even the person that rooted you would be unable to 
communicate with your machine through it. You mention that the router is a Cisco box running IOS- which AFAIK does not 
support any covert 'port knocking'. A filtered state would indicate that the port is quite simply not responsive to the 
world.

I hope this helps...
flurdoing
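
The drop-versus-deny distinction described in the message above can be seen from the client side of a plain TCP connect. The following is an added example, not part of the original post: a refused connection is reported as "closed", and a connection attempt that gets no reply before the timeout is reported as "filtered". The function names, the loopback test sockets and the simulated timeout are assumptions made for this illustration.

```python
import socket


def classify_port(host, port, timeout=2.0, connect=socket.create_connection):
    """Classify a TCP port the way a connect scan would see it.

    'open'     - the handshake completed
    'closed'   - the connection was actively refused (a reply came back)
    'filtered' - nothing came back before the timeout (traffic was dropped)
    """
    try:
        conn = connect((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    conn.close()
    return "open"


def _silent_drop(address, timeout=None):
    # Constructed stand-in for a device that drops packets: the caller
    # waits, hears nothing, and the connect attempt times out.
    raise socket.timeout("constructed: no reply before timeout")


def demo():
    """Run the classifier against loopback sockets and a simulated drop."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)            # accepts handshakes -> open
    bound_only = socket.socket()
    bound_only.bind(("127.0.0.1", 0))  # bound but not listening -> refused
    try:
        return {
            "open": classify_port("127.0.0.1", listener.getsockname()[1]),
            "closed": classify_port("127.0.0.1", bound_only.getsockname()[1]),
            # 192.0.2.1 is a documentation address; no packet is sent to it
            # because the constructed _silent_drop replaces the real connect.
            "filtered": classify_port("192.0.2.1", 27665, connect=_silent_drop),
        }
    finally:
        listener.close()
        bound_only.close()


if __name__ == "__main__":
    print(demo())
```
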
