and you think i did the scan from my machine?
sometimes yes i do foolhardy things, but i am not
without a bit of common sense.

eric

----- Original Message ----- 

On Tue, Apr 17, 2001 at 05:05:36PM -0500, eric clover wrote:
> i just got scanned. i in turn scanned them. this is what i got back.
> are they compromised? (look at the last one)

Don't know about that, but you may have just tipped them off
that they got your attention and they "have a live one here".  I suspect
that you will be getting a LOT more attention very shortly.

What you did was very foolish.

> eric


> Starting nmap V. 2.53 by [EMAIL PROTECTED] ( www.insecure.org/nmap/ )
> Interesting ports on  (61.33.33.104):
> (The 1502 ports scanned but not shown below are in state: closed)
> Port       State       Service
> 1/tcp      open        tcpmux                  
> 21/tcp     open        ftp                     
> 22/tcp     open        ssh                     
> 23/tcp     open        telnet                  
> 25/tcp     open        smtp                    
> 79/tcp     open        finger                  
> 80/tcp     open        http                    
> 86/tcp     open        mfcobol                 
> 98/tcp     open        linuxconf               
> 109/tcp    open        pop-2                   
> 110/tcp    open        pop-3                   
> 113/tcp    open        auth                    
> 143/tcp    open        imap2                   
> 465/tcp    open        smtps                   
> 513/tcp    open        login                   
> 514/tcp    open        shell                   
> 515/tcp    open        printer                 
> 1024/tcp   open        kdm                     
> 2001/tcp   open        dc                      
> 3306/tcp   open        mysql                   
> 31337/tcp  open        Elite                   

Possibly compromised or possibly running a "scan detector" like
Abacus port sentry or some hacker tool designed to detect reverse scans
and log potential future victims.  :-)

If you are LUCKY it may be just one of the various worms that are
running loose and not capable of logging and attacking counter scanning
systems.  That's probably the case.  If not, if I were you, I would watch
my systems VERY carefully over the next few days (or weeks or months)
for any followup attacks.  You may have attracted some very undesirable
attention to yourself.  If it's just a "script kiddie", you probably
have nothing to worry about.  If it's someone serious, you may have
a great deal to worry about.

BTW...  Another reason for NEVER doing what you did is that you
just did the same thing they did.  If their actions triggered your
suspicions and you just did the same thing, what do you think the
reactions will be from any IDS or security product on that end (on
that system or elsewhere)?  If they HAVE been compromised (which they
probably have) guess who might have to answer some tricky questions if
the port scan shows up in the logs in the forensic investigation at that
end?  If the system at that far end had been damaged, then law enforcement
might already be getting involved and you might want to double check where
you placed your lawyer's business card...

Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  [EMAIL PROTECTED]
  (The Mad Wizard)      |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!



_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list


