Re: Is my home computer at risk knowing that nmap says...
- From: "GM" <gaetan_martineau@xxxxxxxx>
- Date: 29 May 2006 01:04:57 -0700
Thanks very much for your kind answers...
1) I can not see (so far..) anything here obviously showing that my
computer has been compromised.
2) In the meantime, since yesterday, I could make a phone call to my
home to ask for an on-site hand verification. This did show that the
firewall is still up.
3) Looking at the nmap output yesterday, I certainly overreacted and
maybe "panic" was the right word for qualifying this reaction. A scan
of ip's around mine is certainly not what I would normally do...
4) "ping" does not echo anything... Nor does "hping2", which I did
download and install (thanks for that info)
5) If I "traceroute" to my computer, I see, (well I do publish here the
hosts in between):
/usr/sbin/traceroute xxx.xxx.xxx.xxx | awk '/^ *[0-9]/{printf ( "%2d
%4d %4d %4d\n", $1, $(NF-5), $(NF-3), $(NF-1))}'
1 0 0 0
2 2 2 2
3 835 829 828
4 827 825 977
5 974 967 966
6 964 962 1963
7 1961 1959 1957
8 1956 1954 1952
9 1638 1637 1636
10 1633 1631 1630
11 1623 2720 2717
12 2716 2714 2712
13 2711 3069 2803
14 3066 3064 3061
15 1290 1288 1287
16 1283 1282 1796
17 1585 1583 1581
18 1578 1577 2092
19 2090 2089 2086
20 2083 2082 2081
21 1450 1449 1447
22 1445 1598 1596
23 1521 1518 1517
24 1587 1585 1582
25 1580 1579 1577
26 1575 1574 1572
.... but well, that does not mean much to me. However, of course, in the
complete output, I do recognize names until I get near my home city,
toward the last lines.
4) The services I want to run on this computer are: ssh, lpd, nfs and
samba for the inside network only and ftp and http for the outside and
inside. I want ssh for administration, lpd because there is a shared
printer, samba because there is in the internal network this other
computer that uses this other OS. ftp and http are allowed both in and
out also because I have information here I want to make available to
other peoples (news to friends etc). No other services are needed at
this point. Maybe I will allow ssh in the future, but certainly not
before I know better ... I think my netstat output (previous post) does
reflect these expectations of mine. If not, your kind comments are most
welcome.
5) I will try to find a friend (a linux friend, that is) in my home
country that can run a nmap scan for me and report the results to see
if that is different from the one I can run here. I may report that
here some time from now.
6) I will physically be at my home in two weeks from now to audit my
system. Maybe I will also report some more information then.
7) As for conclusion so far, I do not quite understand then the output
from nmap. And then, I am not quite sure of a "proxy" making, - if I
understand well -, nmap reporting here bad results.
Thanks,
Gaetan
.
- Follow-Ups:
- Re: Is my home computer at risk knowing that nmap says...
- From: Moe Trin
- Re: Is my home computer at risk knowing that nmap says...
- From: Andrew Schulman
- Re: Is my home computer at risk knowing that nmap says...
- References:
- Prev by Date: Re: Linux Firewall
- Next by Date: Re: Is my home computer at risk knowing that nmap says...
- Previous by thread: Re: Is my home computer at risk knowing that nmap says...
- Next by thread: Re: Is my home computer at risk knowing that nmap says...
- Index(es):
Relevant Pages
|
