I have had 2 DDoS attacks in the past 2 days to one of my machines, but I
have just noticed something very odd in my traffic flow.
One of my other machines, not the one that was the target of the DDoS,
initiated a TCP session to 206.109.64.186 port 2064. Now as far as I am
aware I haven't done anything to cause this machine, it's my desktop w/s,
to initiate this session so I ran an nmap scan and came up with this:
# nmap -sS -O -F 206.109.64.186
Starting nmap V. 2.30BETA17 by [EMAIL PROTECTED] ( www.insecure.org/nmap/ )
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
WARNING: OS didn't match until the 2 try
Interesting ports on Your.Unreality.com (206.109.64.186):
Port State Service
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
80/tcp open http
110/tcp open pop-3
111/tcp open sunrpc
113/tcp open auth
143/tcp open imap2
2064/tcp open distrib-netassholes
3306/tcp open mysql
6005/tcp filtered X11:5
6666/tcp open irc-serv
8080/tcp open http-proxy
Remote operating system guess: FreeBSD 2.2.1 - 3.2
Nmap run completed -- 1 IP address (1 host up) scanned in 818 seconds
Can anyone tell me what service distrib-netassholes is? It telnets but
doesn't give anything out to indicate what it is.
--
Howard.
______________________________________________________
LANNet Computing Associates <http://www.lannet.com.au>
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
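As an added example (not part of the original post, and not nmap's own code), a small triage script that parses the scan's port table and classifies the outbound connection the workstation made. Without version detection the Service column is only nmap's name lookup by port number (distrib-netassholes is just the name its services table lists for 2064/tcp), so an open port with an unfamiliar label is an unconfirmed service, not an identified one; the workstation baseline set is an assumption.

```python
import re
from typing import NamedTuple
# Constructed sample input: the port table from the nmap run quoted in the post.
NMAP_OUTPUT = """\
Port State Service
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
80/tcp open http
110/tcp open pop-3
111/tcp open sunrpc
113/tcp open auth
143/tcp open imap2
2064/tcp open distrib-netassholes
3306/tcp open mysql
6005/tcp filtered X11:5
6666/tcp open irc-serv
8080/tcp open http-proxy
"""

class PortEntry(NamedTuple):
    port: int
    proto: str
    state: str
    service: str  # without -sV this is nmap's port-number lookup, not a banner

PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\w+)\s+(\S+)$")

def parse_nmap_ports(text):
    """Parse the 'Port State Service' table of classic nmap text output."""
    entries = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            entries.append(PortEntry(int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return entries

WORKSTATION_BASELINE = {"ssh", "smtp", "http", "pop-3", "imap2", "http-proxy"}  # hypothetical

def triage_outbound(entries, dst_port, baseline=WORKSTATION_BASELINE):
    """Classify an observed outbound TCP connection against the scan of its destination."""
    match = next((e for e in entries if e.proto == "tcp" and e.port == dst_port), None)
    if match is None:
        return "not-in-scan"      # a fast (-F) scan may simply not have covered the port
    if match.state != "open":
        return match.state        # e.g. 'filtered': a full session could not have completed
    if match.service in baseline:
        return "expected"
    return "unexpected-open"      # open, unknown label: needs banner/version confirmation
```

Running triage_outbound(parse_nmap_ports(NMAP_OUTPUT), 2064) yields "unexpected-open", which is the case to follow up on the workstation itself (what process opened the socket) rather than by probing the remote host further.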