Re: What does this nmap report mean
- From: Harry Putnam <reader@xxxxxxxxxxx>
- Date: Wed, 01 Mar 2006 07:43:24 -0600
"ynotssor" <ynotssor@xxxxxxxxxxx> writes:
"Harry Putnam" <reader@xxxxxxxxxxx> wrote in message
news:87hd6jkpsd.fsf@xxxxxxxxxxx
I've nmapped a host hitting my port 22 repeatedly and see this:
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
80/tcp open http
110/tcp open pop3
111/tcp open rpcbind
135/tcp filtered msrpc
143/tcp open imap
443/tcp open https
445/tcp filtered microsoft-ds
993/tcp open imaps
995/tcp open pop3s
3306/tcp open mysql
10000/tcp open snet-sensor-mgmt
31337/tcp open Elite
Is this a zombie that doesn't now its controlled with a backdoor at
31337/tcp open Elite or just some sort of comeon filter or
something?
Port 31337 is open; nmap (in the absence of -sV) has no idea what process is
bound to that particular port and is merely reporting the entry from the
nmap-services file.
So you think that by port scanning their machine that you are any different
from them and what they are doing?
Port scanning is not and indication of something bad always.
I did't port scan them as a retaliation as you seem to imply.
I posted here because I'm wondering if I need to contact that admin
and let them know they have a back door, and there machine is being
used by somebody to cladestinely portscan and otherwise prepare for
illegal breakins.
My portscan was not clandestine... I will answer for it to any and all
inquiries.
.
- Follow-Ups:
- Re: What does this nmap report mean
- From: ynotssor
- Re: What does this nmap report mean
- References:
- What does this nmap report mean
- From: Harry Putnam
- Re: What does this nmap report mean
- From: ynotssor
- What does this nmap report mean
- Prev by Date: Re: Linux and Viruses (again)
- Next by Date: Re: What can I do about breakin attempts?
- Previous by thread: Re: What does this nmap report mean
- Next by thread: Re: What does this nmap report mean
- Index(es):
Relevant Pages
|
