Kjetil Kjernsmo <[EMAIL PROTECTED]> writes:

> >The fact they don't show up when you do a local scan confirms this.
> >These services aren't running on your machine.
>
> So, what you're saying is that all this alarm is for no good reason...?
> There has been no l337 h4X0rz trying to get into my box....? Well, that
> would really be good news! Of course, it will not make me stop reading
> about how to secure the box.

There is still an outside chance you have either

a) a tcp listener on only the external interface that's only started in response to an ICMP ping of specific content/length and/or

b) some very dodgy (probably LKM-based) trojan that's either deflecting nmap and/or netstat calls and/or

however, the chances of this are slimmer than I am paranoid.

I'd say you should be grateful to have got away lightly - kill listeners you're not using, firewall it with iptables[0] and sort out your nIDS - the chances are you'll soon find out if you're haemorrhaging evil scans or anything.

[0] I have a simple enough starter script floating around at <http://spodzone.org.uk/packages/secure/iptables.sh> if it helps at all - no doubt others have their own approaches, but at least mine has no gui requirements other than $EDITOR ;)

ATB,

~Tim
-- 
<http://spodzone.org.uk/>
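The local-versus-external comparison discussed in this thread, as an added example that is not part of the original messages: it reads listeners straight from the Linux `/proc/net/tcp` table instead of trusting `netstat` output and sets them against the ports an outside scan reported open. The sample table, the `EXTERNAL_SCAN_OPEN` port set and the function names are constructed for illustration; a kernel-level trojan can hide from `/proc` too, so the `external_only` list is the one to investigate.

```python
import socket
import struct

TCP_LISTEN = 0x0A  # state code the kernel uses for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp format (IPv4 only; tcp6 is not covered).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201 1
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1350 1
   2: 0A00000A:0016 0A000014:C1F2 01 00000000:00000000 02:000A5B1C 00000000     0        0 1402 2
"""

# Constructed: ports an external scan reported as open.
EXTERNAL_SCAN_OPEN = {22, 6000}


def parse_listeners(text):
    """Return {port: set of bound IPv4 addresses} for sockets in LISTEN state."""
    listeners = {}
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 4 or int(fields[3], 16) != TCP_LISTEN:
            continue
        hex_addr, hex_port = fields[1].split(":")
        # The address is a 32-bit word printed in host byte order
        # (little-endian assumed here, as on x86).
        addr = socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16)))
        listeners.setdefault(int(hex_port, 16), set()).add(addr)
    return listeners


def compare(listeners, external_open):
    """Classify ports by whether the local table and the outside scan agree."""
    external_open = set(external_open)
    non_loopback = {p for p, addrs in listeners.items()
                    if not all(a.startswith("127.") for a in addrs)}
    return {
        # Open from outside, no local listener: another device in the path,
        # or a listener hidden from the local tools.
        "external_only": sorted(external_open - set(listeners)),
        # Listening locally and reachable from outside: stop it or firewall it.
        "exposed": sorted(non_loopback & external_open),
        # Listening on a routable address but not reachable: already filtered.
        "not_seen_externally": sorted(non_loopback - external_open),
    }


if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:
            table = fh.read()
    except OSError:
        table = SAMPLE_PROC_NET_TCP
    print(compare(parse_listeners(table), EXTERNAL_SCAN_OPEN))
```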