Check to make sure that the servers running on those ports aren't vulnerable. Also, is there a possibility that someone inside your firewall is acting malicious?
Is your firewall vulnerable? RH7.2 is getting kinda old, have you kept your patches up to date? Just because you have a firewall doesn't mean that you are safe... You obviously have another issue to deal with; why are you being targetted so frequently? Also, if you've been hacked once, what did you do to re-secure your box? Maybe the hacker left themselves a backdoor. Have you checked for rootkits? A complete reinstall might be warranted... -----Original Message----- From: Linux Security <[EMAIL PROTECTED]> [mailto:[EMAIL PROTECTED] Sent: Saturday, June 28, 2003 12:06 AM To: [EMAIL PROTECTED] Subject: Hack? Hello all, My redhat 7.2 is getting hacked very frequently even i got a firewall.appended bellow is the nmap output. What may be the loophole? % nmap -sA 202.xxx.xxx.xxx Initiating ACK Scan against isp.com () The ACK Scan took 275 seconds to scan 1542 ports. Interesting ports on isp.com (): (The 1538 ports scanned but not shown below are in state: filtered) Port State Service 25/tcp UNfiltered smtp 53/tcp UNfiltered domain 80/tcp UNfiltered http 443/tcp UNfiltered https Thanks in advance, A.Johnson --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------