\begin{Brett Esra}
> As a random act of paranoia I have portscanned one of the machines at
> work with the latest NMAP Beta (2.54BETA22) and got the following:
> 22/tcp open ssh
> 23/tcp open telnet
> 25/tcp open smtp
> 113/tcp open auth
> 260/tcp filtered openport
> 361/tcp open semantix
> 379/tcp open is99c
> 557/tcp filtered openvms-sysipc
> 583/tcp open philips-vc
> 3000/tcp open ppp
> 3128/tcp open squid-http
> 5432/tcp open postgres
> 20432/tcp open unknown
> 27665/tcp open Trinoo_Master
> Next I tried to telnet to the Trinoo_Master port and rightly got:
> telnet: Unable to connect to remote host: Connection refused
> and the following in the log:
> Apr 5 13:41:14 xx kernel: Packet log: input REJECT eth0 PROTO=6
> xxx.xxx.xxx.xxx:3215 yyy.yyy.yyy.yyy:27665 L=60 S=0x00 I=49258 F=0x4000
> T=64 SYN (#44)
what type of scan did you run?
if you run it again, do you get the same results?
what does "netstat -ta" on the affected machine give?
--
- Gus
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
