Re: Am I owned on port 27665
- From: Andre Lauw <andre.lauw@xxxxxxxxx>
- Date: Thu, 19 Oct 2006 08:58:19 +0200
Faheem SIDDIQUI wrote:
On my Cisco Router, I do a nmap from outside on the Internet. The resultI did some search on google and I found this
is:
" Interesting ports on *.*.50.1:
Not shown: 1676 closed ports
PORT STATE SERVICE
23/tcp filtered telnet
135/tcp filtered msrpc
1524/tcp filtered ingreslock
27665/tcp filtered Trinoo_Master
I am worried about the last two entries. The last nmap was done in Feb
this year and I have confirmed that the two ports did not exist.
Though the state "filtered" is a solace but I am still concerned. How
can O be sure that the system has not been compromised?
Also the current IOS Version on my Router is 12.4. It was the same case
when I was using older v 12.2 on another router, so I thought maybe,
it's an IOS issue and I upgraded my Router to 2811 with IOS v 12.4.
But as soon as I plugged it into the circuit, I realised the nmap again
gives the trinoo_master entry with state as filtered.
Where could lie the problem. Is it with my firewall configuration behind
the router?
---------------------------------------------------------------------------
This list is sponsored by: Norwich University
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic
Excellence in Information Security. Our program offers unparalleled
Infosec management education and the case study affords you unmatched
consulting experience. Using interactive e-Learning technology, you can
earn this esteemed degree, without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
(http://www.cert.org/incident_notes/IN-99-07.html) on cert and for more
detailed info about trinoo
(http://staff.washington.edu/dittrich/misc/trinoo.analysis).
Good luck,
Andre
---------------------------------------------------------------------------
This list is sponsored by: Norwich University
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
- References:
- RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails
- From: Wise, Ben
- Am I owned on port 27665
- From: Faheem SIDDIQUI
- RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails
- Prev by Date: Problem with rootkit
- Next by Date: Usefulness AUP on an Anonymous Wireless Network.
- Previous by thread: Re: Am I owned on port 27665
- Next by thread: Re: Am I owned on port 27665
- Index(es):
Relevant Pages
|
