Re: What does this nmap report mean



"ynotssor" <ynotssor@xxxxxxxxxxx> writes:

"Harry Putnam" <reader@xxxxxxxxxxx> wrote in message
news:87hd6jkpsd.fsf@xxxxxxxxxxx

I've nmapped a host hitting my port 22 repeatedly and see this:

PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
80/tcp open http
110/tcp open pop3
111/tcp open rpcbind
135/tcp filtered msrpc
143/tcp open imap
443/tcp open https
445/tcp filtered microsoft-ds
993/tcp open imaps
995/tcp open pop3s
3306/tcp open mysql
10000/tcp open snet-sensor-mgmt
31337/tcp open Elite

Is this a zombie that doesn't now its controlled with a backdoor at
31337/tcp open Elite or just some sort of comeon filter or
something?

Port 31337 is open; nmap (in the absence of -sV) has no idea what process is
bound to that particular port and is merely reporting the entry from the
nmap-services file.


So you think that by port scanning their machine that you are any different
from them and what they are doing?

Port scanning is not and indication of something bad always.
I did't port scan them as a retaliation as you seem to imply.

I posted here because I'm wondering if I need to contact that admin
and let them know they have a back door, and there machine is being
used by somebody to cladestinely portscan and otherwise prepare for
illegal breakins.

My portscan was not clandestine... I will answer for it to any and all
inquiries.
.



Relevant Pages

  • Re: What does this nmap report mean
    ... PORT STATE SERVICE ... 110/tcp open pop3 ... 143/tcp open imap ... 31337/tcp open Elite or just some sort of comeon filter or ...
    (comp.os.linux.security)
  • Re: HELP: BizTalk 2004 Direct Port to Message Box - Delivered not consumed
    ... Have to tighten up the filter expression - because once i subscribe to ... Message box direct bound ports, as its name implies, allows you to drop ... bound port set the 'Partner Orchestration Port' property to ... an activating receive shape the subscription will be the message type ...
    (microsoft.public.biztalk.general)
  • Re: Scanning--more then one side to the argument
    ... PORT STATE SERVICE VERSION ... Filtered means that a firewall, filter, or other network obstacle ... >> I would say that any open port POTENTIALLY could be a security issue ... just being networked could be a risk. ...
    (Security-Basics)
  • Re: Microsoft Strategic Technology Protection Program
    ... the default setting when specifying a filter in the 'IP ... outbound TCP *sessions*. ... This would mean that the web server cannot use port ... if you set up a mirrored filter in IPSec, ...
    (NT-Bugtraq)
  • RE: Possible DoS Attack?
    ... > was compromised they'd have simply turned off the filter, ... system accepts to turn the firewall off? ... wrote regarding RE: Possible DoS Attack?: ... What your firewall dropped was the result of a port ...
    (Incidents)