Security Basics mailing list archives
Re: Am I owned on port 27665
From: flur () d1f org
Date: 20 Oct 2006 06:41:27 -0000
I would check the router configuration to ensure that port 27665 on your router isn't forwarding to any machines on your local network. I would also run portscans on all machines within your network to ensure that no rogue ports are open there.

The fact that your router is dropping packets to this port does not indicate that you've been owned. Oftentimes routers are configured to drop traffic on known malicious ports, and it looks like this is what your router is doing. The fact that the state is filtered can be explained by the fact that your router is simply ignoring traffic on this port without sending the appropriate replies back to the host performing the nmap scan (i.e. your router is dropping instead of denying).

There is a lot of discussion around whether it is better to drop or deny. Dropping packets is perceived to be more resilient to denial of service attacks, but if someone wanted to DoS you they would likely find some responsive port to direct traffic to, so it may be worth the trouble to try and deny traffic instead.

Essentially, however, you are at very little risk of having had your machine compromised. If you were compromised, it is likely not related to this port as, given that it is filtered, even the person that rooted you would be unable to communicate with your machine through it. You mention that the router is a Cisco box running IOS, which AFAIK does not support any covert 'port knocking'. A filtered state would indicate that the port is quite simply not responsive to the world.

I hope this helps...

flurdoing
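The drop-versus-deny distinction and the advice to scan your own machines for unexpected open ports, as an added example that is not part of the original post: a TCP connect check that reports "open", "closed" (a reset came back, i.e. deny) or "filtered" (nothing came back, i.e. drop), plus an audit against an allow list. The function names `classify_port` and `unexpected_open`, the timeout, and the loopback sample are assumptions of this example.

```python
import errno
import socket


def classify_port(host, port, timeout=2.0):
    """Classify one TCP port by what comes back from a connect() attempt."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # handshake completed: something is listening
    except ConnectionRefusedError:
        return "closed"          # a reset came back: the traffic was denied
    except socket.timeout:
        return "filtered"        # nothing came back: the traffic was dropped
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"    # a device on the path answered, not the host
        raise


def unexpected_open(inventory, allowed):
    """Return sorted (host, port) pairs that are open but not in `allowed`.

    inventory: {host: [ports to test]}
    allowed:   set of (host, port) pairs you expect to be listening
    """
    found = []
    for host, ports in inventory.items():
        for port in ports:
            state = classify_port(host, port)
            if state == "open" and (host, port) not in allowed:
                found.append((host, port))
    return sorted(found)


if __name__ == "__main__":
    # Constructed sample: loopback only. Substitute the hosts on your own LAN.
    print("27665/tcp on 127.0.0.1:", classify_port("127.0.0.1", 27665))
    sample = {"127.0.0.1": [22, 80, 27665]}
    print("unexpected:", unexpected_open(sample, allowed={("127.0.0.1", 22)}))
```

A "filtered" result here only means no reply arrived within the timeout, so a slow or lossy link can produce it as well as a dropping firewall.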