So I ran nmap on my home machine feeling interested in trying out my
new security skills and what I found is not pretty.  

Basically this list reminds me of a college friend whose 10-year-old
brother licked the railing all the way down the Guggenheim and then
broke out in 5 different kinds of sores about 3 days later.

I know that Trinoo_Master running on 27374 and subseven on
27665 are both remote hacker gaping holes.  I'm suspicious about other
things, but does anyone recognize some of these nasty wounds
festering?

One thing I am worried about is a keystroke monitor, because I have
used ssh to log into several other machines and am wondering if those
machines are compromised too.  Port sniffers wouldn't get my password
with ssh, but a keyboard monitor would.  Are keystroke monitors in
Linux at the level of X or the kernel?  And is anything in the list
below indicative of one?

The list follows, and don't worry, most of the open things have been
subsequently shut.  

Go easy, my pussy is sore.

joshua

17/tcp     closed      qotd                    
18/tcp     closed      msp                     
20/tcp     closed      ftp-data                
21/tcp     open        ftp                     
22/tcp     open        ssh                     
23/tcp     open        telnet                  
25/tcp     open        smtp                    
42/tcp     closed      nameserver              
53/tcp     open        domain                  
59/tcp     closed      priv-file               
79/tcp     open        finger                  
82/tcp     closed      xfer                    
84/tcp     closed      ctf                     
88/tcp     closed      kerberos-sec            
93/tcp     closed      dcp                     
99/tcp     closed      metagram                
110/tcp    closed      pop-3                   
111/tcp    open        sunrpc                  
154/tcp    closed      netsc-prod              
160/tcp    closed      sgmp-traps              
167/tcp    closed      namp                    
188/tcp    closed      mumps                   
195/tcp    closed      dn6-nlm-aud             
196/tcp    closed      dn6-smm-red             
214/tcp    closed      vmpwscs                 
221/tcp    closed      fln-spx                 
223/tcp    closed      cdc                     
244/tcp    closed      dayna                   
263/tcp    closed      hdap                    
310/tcp    closed      bhmds                   
364/tcp    closed      aurora-cmgr        
516/tcp    closed      videotex                
523/tcp    closed      ibm-db2                 
537/tcp    closed      nmsp                    
541/tcp    closed      uucp-rlogin             
544/tcp    closed      kshell                  
547/tcp    closed      dhcpv6-server           
577/tcp    closed      vnas                    
588/tcp    closed      cal                     
591/tcp    closed      http-alt                
592/tcp    closed      eudora-set              
593/tcp    closed      http-rpc-epmap          
763/tcp    closed      cycleserv               
773/tcp    closed      submit                  
776/tcp    closed      wpages                  
781/tcp    closed      hp-collector            
873/tcp    open        rsync                   
880/tcp    closed      unknown                 
900/tcp    closed      unknown                 
901/tcp    open        samba-swat     
1348/tcp   closed      bbn-mmx                 
1355/tcp   closed      intuitive-edge          
1367/tcp   closed      dcs                     
1387/tcp   closed      cadsi-lm                
1391/tcp   closed      iclpv-sas               
1392/tcp   closed      iclpv-pm                
1398/tcp   closed      video-activmail         
1418/tcp   closed      timbuktu-srv2           
1436/tcp   closed      sas-2                   
1439/tcp   closed      eicon-x25               
1444/tcp   closed      marcam-lm               
1453/tcp   closed      genie-lm                
1467/tcp   closed      csdmbase                
1470/tcp   closed      uaiact                  
1474/tcp   closed      telefinder              
1486/tcp   closed      nms_topo_serv           
1490/tcp   closed      insitu-conf    
1500/tcp   closed      vlsi-lm                 
1512/tcp   closed      wins                    
1513/tcp   closed      fujitsu-dtc             
1526/tcp   closed      pdap-np                 
1540/tcp   closed      rds                     
1669/tcp   closed      netview-aix-9  
1998/tcp   closed      x25-svc-port            
2003/tcp   closed      cfingerd                
2008/tcp   closed      conf                    
2020/tcp   closed      xinupageserver          
2021/tcp   closed      servexec                
2026/tcp   closed      scrabble                
2035/tcp   closed      imsldoc                 
2112/tcp   closed      kip                     
2241/tcp   closed      ivsd             
3006/tcp   closed      deslogind 
3306/tcp   open        mysql  
3462/tcp   closed      track   
3985/tcp   closed      mapper-mapethd          
4008/tcp   closed      netcheque  
4672/tcp   closed      rfa        
5190/tcp   closed      aol                     
5192/tcp   closed      aol-2      
5715/tcp   closed      prosharedata     
5999/tcp   closed      ncd-conf                
6000/tcp   open        X11                     
6004/tcp   closed      X11:4                   
6010/tcp   open        unknown          
7100/tcp   closed      font-service    
8021/tcp   open        unknown                 
8080/tcp   open        http-proxy       
10005/tcp  closed      stel
12000/tcp  closed      cce4x    
27374/tcp  closed      subseven   
27665/tcp  closed      Trinoo_Master    
32768/tcp  open        unknown                 
32773/tcp  closed      sometimes-rpc9          
32786/tcp  closed      sometimes-rpc25         
32787/tcp  closed      sometimes-rpc27         
44443/tcp  closed      coldfusion-auth   
61440/tcp  closed      netprowler-manager2     
65301/tcp  closed      pcanywhere     







_______________________________________________
Bits mailing list
[EMAIL PROTECTED]
http://www.sugoi.org/mailman/listinfo/bits
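
Added example, not part of the original post: a small triage of an nmap port table like the one above. In nmap's output `closed` means the probe was answered but no program is listening on that port, and without version detection the service column is only a name looked up from the port number, so the rows to investigate are the `open` ones; the function names here are hypothetical and the sample rows are copied from the listing.

```python
import re

# Rows copied from the nmap listing in the post above.
SAMPLE = """\
21/tcp     open        ftp
23/tcp     open        telnet
6010/tcp   open        unknown
8021/tcp   open        unknown
27374/tcp  closed      subseven
27665/tcp  closed      Trinoo_Master
32768/tcp  open        unknown
"""

# PORT/PROTO  STATE  SERVICE, as printed in nmap's port table.
ROW = re.compile(r"^\s*(\d{1,5})/(tcp|udp)\s+(\S+)\s+(\S+)\s*$")


def parse_rows(text):
    """Return (port, proto, state, service) tuples; skip non-table lines."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m and 0 < int(m.group(1)) < 65536:
            rows.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return rows


def triage(text):
    """Group ports by what the scan says about a listener on them."""
    result = {"listening": [], "unnamed_listening": [],
              "no_listener": [], "undetermined": []}
    for port, proto, state, service in parse_rows(text):
        if state == "open":
            result["listening"].append(port)
            if service == "unknown":      # port number has no table entry
                result["unnamed_listening"].append(port)
        elif state == "closed":
            result["no_listener"].append(port)
        else:                             # filtered, open|filtered, ...
            result["undetermined"].append(port)
    return result


if __name__ == "__main__":
    for group, ports in triage(SAMPLE).items():
        print(f"{group:18} {ports}")
```

Each port reported under `listening` can then be matched to its owning process on the host itself, for example with `netstat -tlnp` or `lsof -i`.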
