Re: Port 9088

[Todd Meister <todd () LMI NET>]

Since that posting, I discovered (by checking the results of the portscan
manually) that most of the hosts reported were actually Flowpoint DSL
routers.  There were also a couple strange boxes, the identity of which I
haven't resolved.

-Todd

On 05-Oct-2000 Christopher Tresco wrote:
> It has been my experience that when nmap says filtered it isn't blocked w/
> ipchains.  Usually that would mean the router filters that port.
>
>
>
>
> -----Original Message-----
> From: Incidents Mailing List [mailto:INCIDENTS () SECURITYFOCUS COM]On
> Behalf Of Todd Meister
> Sent: Wednesday, October 04, 2000 5:19 PM
> To: INCIDENTS () SECURITYFOCUS COM
> Subject: Port 9088
>
>
>
> Interesting ports on hax0red.whoopsie.com (10.0.0.3):
> Port    State       Protocol  Service
> 9088    filtered    tcp       unknown
>
> All of them are filtered.
>
> I see two possibilities -- the cracker in question is using ipchains or
> something similar to secure the rootshell against other barbarian hordlings,
> or
> perhaps there is some service that actually runs at 9088.
>
> So my question is, is there some software or other that listens on this
> port,
> or is there a pretty good chance that every IP reporting an open port 9088
> has
> been compromised?  Is there a way of testing, even though nmap reports the
> port
> as filtered?