So I ran nmap on my home machine feeling interested in trying out my new security skills and what I found is not pretty.
Basically this list reminds me of a college friend whose 10-year-old brother licked the railing all the way down the Guggenheim and then broke out in 5 different kinds of sores about 3 days later. I know that Trinoo_Master running on 27374 and subseven on 27665 are both remote hacker gaping holes. I'm suspicious about other things, but does anyone recognize some of these nasty wounds festering? One thing I am worried about is a keystroke monitor, because I have used ssh to log into several other machines and am wondering if those machines are compromised too. Port sniffers wouldn't get my password with ssh, but a keyboard monitor would. Are keystroke monitors in Linux at the level of X or the kernel? And is anything in the list below indicative of one? The list follows, and don't worry, most of the open things have been subsequently shut. Go easy, my pussy is sore.

joshua

17/tcp closed qotd
18/tcp closed msp
20/tcp closed ftp-data
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
25/tcp open smtp
42/tcp closed nameserver
53/tcp open domain
59/tcp closed priv-file
79/tcp open finger
82/tcp closed xfer
84/tcp closed ctf
88/tcp closed kerberos-sec
93/tcp closed dcp
99/tcp closed metagram
110/tcp closed pop-3
111/tcp open sunrpc
154/tcp closed netsc-prod
160/tcp closed sgmp-traps
167/tcp closed namp
188/tcp closed mumps
195/tcp closed dn6-nlm-aud
196/tcp closed dn6-smm-red
214/tcp closed vmpwscs
221/tcp closed fln-spx
223/tcp closed cdc
244/tcp closed dayna
263/tcp closed hdap
310/tcp closed bhmds
364/tcp closed aurora-cmgr
516/tcp closed videotex
523/tcp closed ibm-db2
537/tcp closed nmsp
541/tcp closed uucp-rlogin
544/tcp closed kshell
547/tcp closed dhcpv6-server
577/tcp closed vnas
588/tcp closed cal
591/tcp closed http-alt
592/tcp closed eudora-set
593/tcp closed http-rpc-epmap
763/tcp closed cycleserv
773/tcp closed submit
776/tcp closed wpages
781/tcp closed hp-collector
873/tcp open rsync
880/tcp closed unknown
900/tcp closed unknown
901/tcp open samba-swat
1348/tcp closed bbn-mmx
1355/tcp closed intuitive-edge
1367/tcp closed dcs
1387/tcp closed cadsi-lm
1391/tcp closed iclpv-sas
1392/tcp closed iclpv-pm
1398/tcp closed video-activmail
1418/tcp closed timbuktu-srv2
1436/tcp closed sas-2
1439/tcp closed eicon-x25
1444/tcp closed marcam-lm
1453/tcp closed genie-lm
1467/tcp closed csdmbase
1470/tcp closed uaiact
1474/tcp closed telefinder
1486/tcp closed nms_topo_serv
1490/tcp closed insitu-conf
1500/tcp closed vlsi-lm
1512/tcp closed wins
1513/tcp closed fujitsu-dtc
1526/tcp closed pdap-np
1540/tcp closed rds
1669/tcp closed netview-aix-9
1998/tcp closed x25-svc-port
2003/tcp closed cfingerd
2008/tcp closed conf
2020/tcp closed xinupageserver
2021/tcp closed servexec
2026/tcp closed scrabble
2035/tcp closed imsldoc
2112/tcp closed kip
2241/tcp closed ivsd
3006/tcp closed deslogind
3306/tcp open mysql
3462/tcp closed track
3985/tcp closed mapper-mapethd
4008/tcp closed netcheque
4672/tcp closed rfa
5190/tcp closed aol
5192/tcp closed aol-2
5715/tcp closed prosharedata
5999/tcp closed ncd-conf
6000/tcp open X11
6004/tcp closed X11:4
6010/tcp open unknown
7100/tcp closed font-service
8021/tcp open unknown
8080/tcp open http-proxy
10005/tcp closed stel
12000/tcp closed cce4x
27374/tcp closed subseven
27665/tcp closed Trinoo_Master
32768/tcp open unknown
32773/tcp closed sometimes-rpc9
32786/tcp closed sometimes-rpc25
32787/tcp closed sometimes-rpc27
44443/tcp closed coldfusion-auth
61440/tcp closed netprowler-manager2
65301/tcp closed pcanywhere

_______________________________________________
Bits mailing list
[EMAIL PROTECTED]
http://www.sugoi.org/mailman/listinfo/bits
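
An added example, not part of the original post: a short Python triage of scan lines like those above, separating ports that have a listener from closed ones, whose service names are only nmap's port-number lookup. The sample is a subset of the posted list, and the CLEARTEXT set is an assumption chosen for illustration.

```python
import re

# Subset of the scan lines from the post above: port/proto, state, nmap's name.
SCAN = """
21/tcp open ftp 22/tcp open ssh 23/tcp open telnet 79/tcp open finger
111/tcp open sunrpc 6000/tcp open X11 6010/tcp open unknown
8021/tcp open unknown 27374/tcp closed subseven
27665/tcp closed Trinoo_Master 32768/tcp open unknown
"""

# Only the two states that appear in the posted list are handled here.
ENTRY = re.compile(r"(\d+)/(tcp|udp)\s+(open|closed)\s+(\S+)")

# Assumption for this example: names treated as cleartext login services.
CLEARTEXT = {"ftp", "telnet", "finger"}


def parse(text):
    """Return (port, proto, state, name) tuples from flattened or per-line output."""
    return [(int(p), proto, state, name)
            for p, proto, state, name in ENTRY.findall(text)]


def triage(text):
    """Sort entries into buckets that do or do not need follow-up.

    A closed TCP port answered the probe with a reset: nothing is listening
    there, and the name beside it was looked up from the port number, not
    detected from a running program.
    """
    report = {"listening": [], "cleartext": [], "unidentified": [],
              "not_listening": []}
    for port, _proto, state, name in parse(text):
        if state == "closed":
            report["not_listening"].append(port)
            continue
        report["listening"].append(port)
        if name in CLEARTEXT:
            report["cleartext"].append(port)
        if name == "unknown":
            report["unidentified"].append(port)
    return report


if __name__ == "__main__":
    for bucket, ports in triage(SCAN).items():
        print(f"{bucket:14} {ports}")
```

For each port in the listening and unidentified buckets, `ss -ltnp` or `lsof -i` run as root on the scanned machine shows which process owns the socket.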
