Security Basics mailing list archives
RE: Data Interpretation
From: "David Gillett" <gillettdavid () fhda edu>
Date: Tue, 17 Mar 2009 13:18:26 -0700
If these ports were simply unused, nmap's SYN packet probe of them would receive back an ICMP "Unreachable" packet. If there were an "ordinary" process listening on that port, it would receive back a SYN-ACK packet and would report that your system was listening -- that you had likely been compromised by one of these trojans. Neither of these things is happening, and nmap can't tell why not.

SOMETHING must be listening, since no ICMP packet was received back, but clearly it's not a normal process. The most likely scenario is that a firewall or other security measure is dropping the SYN packet without deigning to respond.

This is, in fact, exactly what you want. nmap is confirming that your system, should it become compromised using one of these backdoors, is protected against having the compromise exploited by a remote attacker.

David Gillett
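An added example, not part of the original message: a small parser for nmap's grepable output (`-oG`) that reports the state nmap assigned to a watchlist of ports, so `filtered` entries like those discussed above can be told apart from `open` ones that need investigation. The host address, port list and watchlist are constructed sample values.

```python
from collections import defaultdict

# Constructed sample of `nmap -oG -` output (documentation address, constructed port list).
SAMPLE = (
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/closed/tcp//http///, "
    "12345/filtered/tcp//netbus///, 27374/filtered/tcp//subseven///"
    "\tIgnored State: closed (996)\n"
)

# What each reported state means for the defender reading the scan.
VERDICTS = {
    "open": "open: something accepted the connection; identify the owning process",
    "filtered": "filtered: probe got no answer; a packet filter is dropping it",
    "closed": "closed: host answered, nothing is listening",
}


def parse_grepable(text):
    """Return {host: {state: [(port, proto, service), ...]}} from -oG output."""
    hosts = defaultdict(lambda: defaultdict(list))
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip comment lines such as "# Nmap ... scan initiated"
        fields = line.split("\t")
        host = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue  # "Status:" and "Ignored State:" fields carry no per-port data
            for entry in field[len("Ports:"):].split(","):
                # Entry layout: port/state/protocol/owner/service/rpcinfo/version/
                parts = entry.strip().split("/")
                if len(parts) < 5:
                    continue
                port, state, proto, _owner, service = parts[:5]
                hosts[host][state].append((int(port), proto, service))
    return {h: dict(s) for h, s in hosts.items()}


def review(text, watchlist):
    """Return {host: {port: verdict}} for the ports in `watchlist`."""
    report = {}
    for host, states in parse_grepable(text).items():
        for state, entries in states.items():
            for port, _proto, _service in entries:
                if port in watchlist:
                    report.setdefault(host, {})[port] = VERDICTS.get(state, state)
    return report
```
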