The information that nmap gives concerning ports are derived from a local
services file or remote file that is designated as a service lookup file.
It looks like the admin of the scanned decided to use port 6666 instead of
the more common port 6667 ssh root kit.
-----Original Message-----
From: arendashu ph [mailto:arendashu_at_yahoo.com]
Sent: Friday, January 04, 2002 5:45 AM
To: nmap-dev_at_insecure.org
Subject: oka...let's try something else ...
hi,,
first of all i want to thank to all of those who
replayed....
and ....
i have scaned other peoples servers..i mean hacked
servers by them...all the rootkits they use r using a
vulnerable ssh ..i and have an exploit for that ssh...
that's why nmap it's so important because i can find
their open ports ..especialy their rootkit port...
..and now is my big problem...
when i scaned someone's ip..and it turned out about 5
ports opened ..oka..but i know that he hacked that
server so...i knew that one of those ports is his ssh
port
and when i started to check all those open ports ..
with : telnet ip port
of course nmap it also tolds u what every open port is
doing for example : port 22 ssh
oka...
but one of those 5 open ports they don't mentioned
about open ssh port..all that nmap said to me is one
port 6666 is used by ircserv
and when i tried : telnet ip 6666...
it told me that it is his rootkit ssh port !!!!
that maked me very confuse...
can i do that on my server ?
regards..
__________________________________________________
Do You Yahoo!?
Send your FREE holiday greetings online!
http://greetings.yahoo.com
---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to
nmap-dev-help_at_insecure.org . List run by ezmlm-idx (www.ezmlm.org).
---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to
nmap-dev-help_at_insecure.org . List run by ezmlm-idx (www.ezmlm.org).
Received on Jan 04 2002
Intro
