Security Basics mailing list archives
Re: Data Interpretation
From: Thrynn <thrynn404 () gmail com>
Date: Tue, 17 Mar 2009 12:13:41 -0400
Maybe I mis-read, but was the target of the scan a Linux box or a Windows box? The Service listed is what typically runs on these ports (Sub7, Netbus, etc) and, in the case of Sub7 and Netbus, these are Windows backdoors not Linux. As others have said, the connection attempt was Filtered either by your ISP or a firewall. NMAP couldn't determine one way or another whether this port was actually open. Any attempt to connect to these ports via telnet will also be filtered, and thus, most likely, fail. If you are concerned with the scan results and have the appropriate access to the machine, you may want to run netstat, or lsof (on the machine itself) to determine if something is listening on those ports. On Mon, Mar 16, 2009 at 4:27 PM, Michael Lynch <mlynch1212 () msn com> wrote:
Hello, First of all let me start by saying that I have 4 days of experience with nmap Last week a friend suggested that I download and try nmap, at his suggestion I tried nmap and found it very interesting. After installation I tried a scan on a Linux computer that I have, to test it out. I found a few results that caught my eye, but I cannot correctly interpret the results. Could someone help me with the interpretation? Here is what is in question! Port Protocol State Service 12345 tcp filtered netbus 27374 tcp filtered subseven 31337 tcp filtered Elite Here is the command that I used: nmap -PE -v -p1-65535 -PA21,23,80,3389 -A -T4 xxx.xxx.xxx.xxx (XXX.= my IP address) I initiated this scan using the Zenmap GUI I know that all the services listed here are backdoor style breaches, but does this mean that the machine has been infected by these or that there has been an attempted attack with these? Could someone please help me with this? Thanks in advance, Michael ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Find the source of cybercrime! Almost every crime today involves a computer or mobile device. Learn how to become a Computer Forensics Examiner in InfoSec Institute's hands-on Computer Forensics Course. Up to three industry recognized certs available, online computer forensics training available. http://www.infosecinstitute.com/courses/computer_forensics_training.html ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Find the source of cybercrime! Almost every crime today involves a computer or mobile device. Learn how to become a Computer Forensics Examiner in InfoSec Institute's hands-on Computer Forensics Course. Up to three industry recognized certs available, online computer forensics training available. http://www.infosecinstitute.com/courses/computer_forensics_training.html ------------------------------------------------------------------------
Current thread:
- Re: Data Interpretation, (continued)
- Re: Data Interpretation Ansgar Wiechers (Mar 17)
- RE: Data Interpretation Alexis Grigoriou (Mar 17)
- Re: Data Interpretation τ∂υƒιφ * (Mar 17)
- Re: Data Interpretation Ansgar Wiechers (Mar 17)
- RE: Data Interpretation David Gillett (Mar 17)
- Re: Data Interpretation Ansgar Wiechers (Mar 19)
- RE: Data Interpretation David Gillett (Mar 20)
- Re: Data Interpretation Ansgar Wiechers (Mar 24)
- Re: Data Interpretation David Schekaiban (Mar 17)