A friend of mine just set up his firewall with a stripped-down version of
Mandrake 7.2 using rc.firewall.
The strange thing is that when I scan the machine (nmap) I see the
following port open.
31337/tcp filtered Elite
This is the @home cable service provider blocking those ports
A friend of mine just set up his firewall with a stripped-down version of
Mandrake 7.2 using rc.firewall.
The strange thing is that when I scan the machine (nmap) I see the
following port open.
31337/tcp filtered Elite
The only use I know for that port is for back doors.
Does anyone
One thing about nmap... depending on the scan type, it will show you a port
number, protocol, its state and then give a name for a common service that
uses that port. It doesn't mean that the port is actually making use of that
port.
So, if nmap gets a response during its scan from port
Praedor
Thanks for the quick reply
The machine is using @home (cable modem connection).
I will get him to check the /var/log/security file on his machine.
That should give us the name of the program that is using that port.
I was more worried that there was a security hole/break-in.
It is not any problem being sure. Having a cable modem connection does make
you more vulnerable than, perhaps, using a DSL. Does he have a dynamic IP or
static?
How long WAS the system up before the firewall was built?
Remember, you may not actually be running any service on that port, and
As far as I know, that port is "filtered". That is it is logged and
monitored but it doesn't supposedly let you do anything.
--
.--. `
|__| .---. Altoine Barker
|=.| |.-.| Maximum Time, Inc
|--| ||$SEND|| Chicago Based Enterprise
| | |'-'|
On Wednesday 07 February 2001 12:08 pm, dany allard wrote:
31337/tcp filtered Elite
The fact that nmap reported this port as filtered is also significant.
From the nmap man page:
'Filtered means that a firewall, filter, or other network obstacle is covering
Thanks to everyone that replied.
It turns out that the port is closed.
I ran strobe against the machine several times and it returned all ports closed.
I tried to telnet to it, and could not connect.
Looks like a false positive, and I (being way too paranoid) reacted too quickly.
Thanks
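
The distinction the thread arrives at (open vs. closed vs. filtered, with the service name being only a table lookup) can be reproduced with a plain connect() probe, the same check as the telnet test above. This is an added example, not code from any poster in the thread or from nmap; COMMON_NAMES is a constructed stand-in for a scanner's port-name table, and the function names are hypothetical.

```python
import errno
import socket

# Constructed stand-in for a scanner's port-to-name table: the name is looked
# up from the port number alone, not from anything the scanned host sent back.
COMMON_NAMES = {23: "telnet", 80: "http", 31337: "Elite"}

def classify(error):
    """Map the outcome of one TCP connect attempt to a port state."""
    if error is None:
        return "open"        # handshake completed: something is listening
    if isinstance(error, ConnectionRefusedError):
        return "closed"      # host answered with RST: reachable, no listener
    if isinstance(error, (socket.timeout, TimeoutError)):
        return "filtered"    # no answer at all: the probe was dropped en route
    if error.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "filtered"    # ICMP unreachable, typically from a filter/router
    raise error              # anything else is a local problem, not a state

def probe(host, port, timeout=2.0):
    """Full connect() probe of a single port on a host you administer."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)

def report(host, port, timeout=2.0):
    """One line in the 'port/proto state name' layout quoted in the thread."""
    name = COMMON_NAMES.get(port, "unknown")
    return f"{port}/tcp {probe(host, port, timeout)} {name}"

if __name__ == "__main__":
    # Loopback only; nothing is expected to listen on 31337 here.
    print(report("127.0.0.1", 31337))
```

A "filtered ... Elite" line therefore says only that the probe got no answer and that the port number has a well-known name; it says nothing about a listener on the host.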