|
Security Basics
Data Interpretation Mar 16 2009 08:27PM Michael Lynch (mlynch1212 msn com) (7 replies) Re: Data Interpretation Mar 17 2009 04:44AM Ï?â??Ï?Æ?ιÏ? * (tas0584 gmail com) (2 replies) RE: Data Interpretation Mar 17 2009 08:18PM David Gillett (gillettdavid fhda edu) (1 replies) Re: Data Interpretation Mar 18 2009 07:17PM Ansgar Wiechers (bugtraq planetcobalt net) (1 replies) |
|
|
Privacy Statement |
Windows box? The Service listed is what typically runs on these ports
(Sub7, Netbus, etc) and, in the case of Sub7 and Netbus, these are
Windows backdoors not Linux.
As others have said, the connection attempt was Filtered either by
your ISP or a firewall. NMAP couldn't determine one way or another
whether this port was actually open. Any attempt to connect to these
ports via telnet will also be filtered, and thus, most likely, fail.
If you are concerned with the scan results and have the appropriate
access to the machine, you may want to run netstat, or lsof (on the
machine itself) to determine if something is listening on those ports.
On Mon, Mar 16, 2009 at 4:27 PM, Michael Lynch <mlynch1212 (at) msn (dot) com [email concealed]> wrote:
>
> Hello,
>
> First of all let me start by saying that
> I have 4 days of experience with nmap
>
> Last week a friend suggested that I download
> and try nmap, at his suggestion I tried nmap
> and found it very interesting.
> After installation I tried a scan on a Linux computer
> that I have, to test it out.
> I found a few results that caught my eye, but I
> cannot correctly interpret the results.
> Could someone help me with the interpretation?
>
>
>
> Here is what is in question!
>
> Port Protocol State Service
>
> 12345 tcp filtered netbus
> 27374 tcp filtered subseven
> 31337 tcp filtered Elite
>
>
> Here is the command that I used:
> nmap -PE -v -p1-65535 -PA21,23,80,3389 -A -T4 xxx.xxx.xxx.xxx (XXX.= my IP address)
>
> I initiated this scan using the Zenmap GUI
>
> I know that all the services listed here are backdoor style breaches,
> but does this mean that the machine has been infected by these or
> that there has been an attempted attack with these?
> Could someone please help me with this?
>
>
> Thanks in advance,
> Michael
> ------------------------------------------------------------------------
> This list is sponsored by: InfoSec Institute
>
> Find the source of cybercrime! Almost every crime today involves a computer or mobile device. Learn how to become a Computer Forensics Examiner in InfoSec Institute's hands-on Computer Forensics Course. Up to three industry recognized certs available, online computer forensics training available.
>
> http://www.infosecinstitute.com/courses/computer_forensics_training.html
> ------------------------------------------------------------------------
>
>
------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute
Find the source of cybercrime! Almost every crime today involves a computer or mobile device. Learn how to become a Computer Forensics Examiner in InfoSec Institute's hands-on Computer Forensics Course. Up to three industry recognized certs available, online computer forensics training available.
http://www.infosecinstitute.com/courses/computer_forensics_training.html
------------------------------------------------------------------------
[ reply ]