RE: Random unprivileged TCP ports below 5000 kind-of open for a fraction of a second

From: alfaentomega (alfaentomega@yahoo.com)
Date: 12/27/02

Next message: Stephen Friedl: "Re: RPAT - Realtime Proxy Abuse Triangulation"

Previous message: alfaentomega: "Re: Random unprivileged TCP ports below 5000 kind-of open for a fraction of a second"
Maybe in reply to: alfaentomega: "Random unprivileged TCP ports below 5000 kind-of open for a fraction of a second"
Next in thread: Charles.Fasching@milestonesystems.com: "RE: Random unprivileged TCP ports below 5000 kind-of open for a fraction of a second"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 27 Dec 2002 00:36:29 -0800 (PST)
From: alfaentomega <alfaentomega@yahoo.com>
To: Rob Shein <shoten@starpower.net>

--- Rob Shein <shoten@starpower.net> wrote:
> Just to let you know, scanning localhost with nmap produces strange
> results usually. Try scanning from another node before you go any
> further.

I asked someone else to scan me. He told me that he doesn't see (and
has never seen) such ports on his machine and that he doesn't see
anything on mine, but after a while he found few random open ports on
my host. I suppose it was because I was scanning myself at the same
time, but when he told me that I indeed had open ports and that I
should start comparing my /proc to ps output, I was sure I had been
compromised. Now I know everything, thanks to Fyodor's answer.

Thanks.
-Alfaentomega.

__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

Next message: Stephen Friedl: "Re: RPAT - Realtime Proxy Abuse Triangulation"
Previous message: alfaentomega: "Re: Random unprivileged TCP ports below 5000 kind-of open for a fraction of a second"
Maybe in reply to: alfaentomega: "Random unprivileged TCP ports below 5000 kind-of open for a fraction of a second"
Next in thread: Charles.Fasching@milestonesystems.com: "RE: Random unprivileged TCP ports below 5000 kind-of open for a fraction of a second"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

RE: The legal / illegal line?
... scanning without authorisation is illegal. ... as far as I am aware scanning for open ports is not illegal. ... Need to secure your web apps? ... Cenzic Hailstorm finds vulnerabilities fast. ...
(Pen-Test)
Re: router for firewall on home PC?
... >> Yeah, I wonder how widespread it is too, since I've heard absolutely ... But still, I've had no problems with it, it works great, and all pc scanning ... open ports. ...
(comp.security.firewalls)
Re: Is this normal?
... Hash: SHA1 ... > You can't scan for open ports if the packets contain a fake return ... In order for the scanning machine to know that a ...
(Security-Basics)
Re: Is this normal?
... On Fri, 2004-10-22 at 12:34 -0300, Joe Polk wrote: ... You can't scan for open ports if the packets contain a fake return ... In order for the scanning machine to know that a port ... Barrie Dempster (zeedo) - Fortiter et Strenue ...
(Security-Basics)
Re: Weird happenings with my Windows Mail
... I have stopped using e-mail scanning on WM. ... WLM will take only the subscription Yahoo. ... I cannot see how to turn off e-mail scanning by a simple single click so I ... As a minimum, email scanning in the antivirus should be turned off, ...
(microsoft.public.windows.vista.mail)