Re: Data Interpretation

[Ansgar Wiechers <bugtraq () planetcobalt net>]

On 2009-03-16 Michael Lynch wrote:
> Last week a friend suggested that I download and try nmap, at his
> suggestion I tried nmap and found it very interesting.
> After installation I tried a scan on a Linux computer that I have, to
> test it out.
> I found a few results that caught my eye, but I cannot correctly
> interpret the results.
> Could someone help me with the interpretation?
>
> Here is what is in question! 
>  
> Port  Protocol  State     Service 
>  
> 12345 tcp       filtered  netbus
> 27374 tcp       filtered  subseven
> 31337 tcp       filtered  Elite 

Something between the scanning host and the scanned host is discarding
packets to those ports. Could be a packet filter on the scanned host,
your ISP, or someone else along the line.

[...]
> I know that all the services listed here are backdoor style breaches,
> but does this mean that the machine has been infected by these or that
> there has been an attempted attack with these? 

No.

Regards
Ansgar Wiechers
-- 
"The Mac OS X kernel should never panic because, when it does, it
seriously inconveniences the user."
--http://developer.apple.com/technotes/tn2004/tn2118.html

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Find the source of cybercrime! Almost every crime today involves a computer or mobile device. Learn how to become a 
Computer Forensics Examiner in InfoSec Institute's hands-on Computer Forensics Course. Up to three industry recognized 
certs available, online computer forensics training available. 

http://www.infosecinstitute.com/courses/computer_forensics_training.html
------------------------------------------------------------------------