Security Basics mailing list archives

Re: Data Interpretation


From: τ∂υƒιφ * <tas0584 () gmail com>
Date: Tue, 17 Mar 2009 10:14:17 +0530

Hey

All these are remote admin trojans. It looks like your system is
compromised. Since they are filtered, first telnet to these ports & see
if they are open. If they test +ve then block them on the firewall
immediately & then you can later get rid of them.


cheers
---
Taufiq
http://www.niiconsulting.com/products/iso_toolkit.html



2009/3/17 Michael Lynch <mlynch1212 () msn com>:

Hello,

First of all, let me start by saying that
I have 4 days of experience with nmap.

Last week a friend suggested that I download
and try nmap. At his suggestion I tried nmap
and found it very interesting.
After installation I tried a scan on a Linux computer
that I have, to test it out.
I found a few results that caught my eye, but I
cannot correctly interpret the results.
Could someone help me with the interpretation?



Here is what is in question!

Port  Protocol  State     Service

12345 tcp       filtered  netbus
27374 tcp       filtered  subseven
31337 tcp       filtered  Elite


Here is the command that I used:
nmap -PE -v -p1-65535 -PA21,23,80,3389 -A -T4 xxx.xxx.xxx.xxx  (XXX.= my IP address)

I initiated this scan using the Zenmap GUI

I know that all the services listed here are backdoor style breaches,
but does this mean that the machine has been infected by these or
that there has been an attempted attack with these?
Could someone please help me with this?


Thanks in advance,
Michael
------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Find the source of cybercrime! Almost every crime today involves a computer or mobile device. Learn how to become a 
Computer Forensics Examiner in InfoSec Institute's hands-on Computer Forensics Course. Up to three industry 
recognized certs available, online computer forensics training available.

http://www.infosecinstitute.com/courses/computer_forensics_training.html
------------------------------------------------------------------------
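
The "telnet to these ports & see" check from the reply, written as a small script (an added example, not part of the original thread). It does a full TCP connect to each of the three ports in the scan table and separates "open" (something accepted the connection) from "closed" (connection refused) and "filtered" (no answer); the function names and the timeout are assumptions made for this example.

```python
import socket
import sys

# Ports and service names copied from the scan table in the original message.
# Nmap takes these names from its port-number table (nmap-services).
PORTS = {12345: "netbus", 27374: "subseven", 31337: "Elite"}


def probe(host, port, timeout=2.0):
    """Classify one TCP port with a full connect(), like a manual telnet."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"        # handshake completed: a process is listening
    except ConnectionRefusedError:
        return "closed"      # RST came back: host reachable, no listener
    except socket.timeout:
        return "filtered"    # no answer at all: the probe was dropped
    except OSError:
        return "filtered"    # e.g. ICMP unreachable / administratively prohibited
    finally:
        sock.close()


def triage(host, ports=PORTS, timeout=2.0):
    """Return {port: (service_name, state, needs_followup)} for each port."""
    results = {}
    for port, name in sorted(ports.items()):
        state = probe(host, port, timeout)
        # Only a completed connection shows that something is listening.
        results[port] = (name, state, state == "open")
    return results


if __name__ == "__main__":
    # Run it against a machine you administer; defaults to the local host.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for port, (name, state, followup) in triage(target).items():
        note = "  <-- find the listening process" if followup else ""
        print(f"{port:>5}/tcp  {state:<8}  {name}{note}")
```

For any port reported open, running `netstat -tlnp` (or `ss -tlnp`) on the Linux machine itself shows which process holds the socket.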


