|
Security Incidents
mailing list archives
Re: strange, strange stuff
From: Peter Moody <peter.moody () lutris com>
Date: Mon, 26 Mar 2001 23:30:16 -0800
Hugo van der Kooij wrote:
On Mon, 26 Mar 2001, Max Gribov wrote:
I did my weekly sweep of my machine, which involves portscans, log
reviews, etc, and during nmap'ing i came across this:
four consequtive nmaps below:
--------------------------------
Starting nmap V. 2.54BETA7 ( www.insecure.org/nmap/ )
Strange read error from 127.0.0.1 (104): Operation now in progress
Strange read error from 127.0.0.1 (104): Operation now in progress
Strange read error from 127.0.0.1 (104): Operation now in progress
Interesting ports on localhost (127.0.0.1):
(The 65494 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh
113/tcp open auth
1918/tcp open unknown
2643/tcp open unknown
4986/tcp open unknown
6000/tcp open X11
....
Why would someone use nmap to a local machine. I guess `lsof` and `netstat
-na` would be more reliable.
some trojans employ root kits which hide can hide the fact that they are listening
on certain ports. in thess cases, lsof and netstat wouldn't help...
--
Peter Moody Systems Administrator
Lutris Technologies peter.moody () lutris com
:wq
 By Date 
By Thread
Current thread:
|
Intro
