All, Not long after my last message to the list last night re: open ports, I was chatting on IRC and got an email message from logcheck re: a system attack. It appeared from the message that the attack had been repelled; however, now when I run nmap, I get this:
Interesting ports on localhost (127.0.0.1): Port State Protocol Service 1 open tcp tcpmux 11 open tcp systat 15 open tcp netstat 22 open tcp ssh 25 open tcp smtp 53 open tcp domain 79 open tcp finger 111 open tcp sunrpc 119 open tcp nntp 143 open tcp imap2 540 open tcp uucp 635 open tcp unknown 1080 open tcp socks 1524 open tcp ingreslock 2000 open tcp callbook 6667 open tcp irc 12345 open tcp NetBus 12346 open tcp NetBus 31337 open tcp Elite 32771 open tcp sometimes-rpc5 32772 open tcp sometimes-rpc7 32773 open tcp sometimes-rpc9 32774 open tcp sometimes-rpc11 What the hell *are* these things and how did they suddenly blast open after I had shut down all but three? I have changed nothing - and when I check inetd.conf and the other directories I edited, they are still the same. Ex: I commented out finger ages ago ... it's still commented out and yet now there's an open port. Thx, Glenn Becker Online Producer, Community SCIFI.COM
