Security Incidents mailing list archives
Re: strange, strange stuff
From: Hugo van der Kooij <hvdkooij () VANDERKOOIJ ORG>
Date: Tue, 27 Mar 2001 07:15:44 +0200
On Mon, 26 Mar 2001, Max Gribov wrote:
I did my weekly sweep of my machine, which involves portscans, log reviews, etc, and during nmap'ing i came across this: four consequtive nmaps below: -------------------------------- Starting nmap V. 2.54BETA7 ( www.insecure.org/nmap/ ) Strange read error from 127.0.0.1 (104): Operation now in progress Strange read error from 127.0.0.1 (104): Operation now in progress Strange read error from 127.0.0.1 (104): Operation now in progress Interesting ports on localhost (127.0.0.1): (The 65494 ports scanned but not shown below are in state: closed) Port State Service 22/tcp open ssh 113/tcp open auth 1918/tcp open unknown 2643/tcp open unknown 4986/tcp open unknown 6000/tcp open X11
.... Why would someone use nmap to a local machine. I guess `lsof` and `netstat -na` would be more reliable. You have a typical case where Harry meets Harry. You are seeing your own port scan and a clear demonstration why nmap to a localhost is not the best thing to do. (It is quite likely you caused a temporal distortion in the time/space continum while doing so.) Hugo. -- Hugo van der Kooij; Oranje Nassaustraat 16; 3155 VJ Maasland hvdkooij () vanderkooij org http://hvdkooij.xs4all.nl/ Alle email is gebonden aan de regels beschreven op mijn homepage. All email send to me is bound to the rules described on my homepage. Don't meddle in the affairs of sysadmins, for they are subtle and quick to anger.
Current thread:
- strange, strange stuff Max Gribov (Mar 26)
- Re: strange, strange stuff Hugo van der Kooij (Mar 26)
- Re: strange, strange stuff Peter Moody (Mar 27)
- Re: strange, strange stuff Erik (Mar 28)
- Re: strange, strange stuff Jason Boyer (Mar 27)
- Re: strange, strange stuff Hugo van der Kooij (Mar 26)