Security Basics mailing list archives

RE: Data Interpretation


From: "David Gillett" <gillettdavid () fhda edu>
Date: Tue, 17 Mar 2009 13:18:26 -0700

  If these ports were simply unused, nmap's SYN packet probe of them would receive back an ICMP "Unreachable" packet.  If there were an "ordinary" process listening on that port, it would receive back a SYN-ACK packet and would report that your system was listening -- that you had likely been compromised by one of these trojans.

  Neither of these things is happening, and nmap can't tell why not.  SOMETHING must be listening, since no ICMP packet was received back, but clearly it's not a normal process.  The most likely scenario is that a firewall or other security measure is dropping the SYN packet without deigning to respond.

  This is, in fact, exactly what you want.  nmap is confirming that your system, should it become compromised using one of these backdoors, is protected against having the compromise exploited by a remote attacker.

David Gillett
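The reply above describes the three outcomes nmap distinguishes for a SYN probe: an answer from a listener, an answer from the stack saying nothing listens, and no usable answer at all. The script below is an added illustration of that decision rule (it is not nmap's code and not part of the original post). It follows nmap's documented convention for a SYN scan: SYN/ACK means open, RST means closed, and either an ICMP type 3 unreachable with a filtering code or silence after every retry is reported as filtered. The trace format, port numbers and replies are constructed for the example.

```python
"""Classify TCP SYN-probe outcomes the way nmap's SYN scan reports them.

Added illustration, not nmap's own code.  The input is a constructed
per-attempt summary of what a packet capture would show for each probe.
"""
from enum import Enum


class PortState(Enum):
    OPEN = "open"          # SYN/ACK came back: a process accepted the SYN
    CLOSED = "closed"      # RST came back: the stack answered, nobody listens
    FILTERED = "filtered"  # ICMP unreachable or silence: something dropped it


# ICMP type 3 codes that nmap's documentation treats as "filtered" for a SYN probe
FILTERING_ICMP_CODES = {1, 2, 3, 9, 10, 13}


def classify_replies(replies):
    """One entry per probe attempt: 'tcp <flags>', 'icmp <type>/<code>', or None."""
    for reply in replies:
        if reply is None:
            continue  # no answer to this attempt; the scanner retransmits and waits
        kind, _, detail = reply.partition(" ")
        if kind == "tcp":
            if "S" in detail and "A" in detail:
                return PortState.OPEN
            if "R" in detail:
                return PortState.CLOSED
        elif kind == "icmp":
            icmp_type, _, icmp_code = detail.partition("/")
            if int(icmp_type) == 3 and int(icmp_code) in FILTERING_ICMP_CODES:
                return PortState.FILTERED
    # Every retry went unanswered: a silent drop, which is what the post describes.
    return PortState.FILTERED


def interpret_trace(lines):
    """Group constructed trace lines of the form 'port <n>: <reply>' and classify each port."""
    per_port = {}
    for line in lines:
        port_part, _, reply = line.partition(":")
        port = int(port_part.split()[1])
        reply = reply.strip()
        per_port.setdefault(port, []).append(None if reply == "none" else reply)
    return {port: classify_replies(r) for port, r in per_port.items()}


# Constructed trace, not real capture data.  Port 12345 models the situation
# in the thread: three SYN probes, no reply of any kind.
SAMPLE_TRACE = [
    "port 22: tcp SA",
    "port 80: tcp RA",
    "port 12345: none",
    "port 12345: none",
    "port 12345: none",
    "port 31337: icmp 3/13",
]

if __name__ == "__main__":
    for port, state in sorted(interpret_trace(SAMPLE_TRACE).items()):
        print(f"{port}/tcp {state.value}")
```

Run it and the silently dropped port comes out as `filtered`, the same label nmap uses when it cannot tell a dropped probe from a lost one; the port that answered with RST/ACK comes out `closed`, which is the "simply unused" case. The useful check for a defender is the first of these: a host-based or network firewall that drops rather than rejects leaves exactly this signature in a scan.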

