On Sun, Feb 18, 2001 at 10:32:58AM -0500, Glenn Becker wrote:
> What the hell *are* these things and how did they suddenly blast open
> after I had shut down all but three? I have changed nothing - and when I
> check inetd.conf and the other directories I edited, they are still the
> same. Ex: I commented out finger ages ago ... it's still commented out and
> yet now there's an open port.

Well, either
a) You've been cracked in a big way or
b) You're running portsentry

I suspect that b is the more likely case. portsentry works by listening on otherwise unused ports and reporting any attempts to connect to them as potential attacks. If you use it and you want to run a meaningful portscan on your box, you should shut down portsentry while performing the scan.

(One of the sysadmins at my last job got an nmap result like that back and just about had a heart attack. Then, after half an hour of trying to figure out how the box had been cracked, he remembered portsentry...)

--
SGI products are used to create the 'Bugs' that entertain us
in theatres and at home. - SGI job posting
Geek Code 3.1: GCS d? s+: a- C++ UL++$ P++>+++ L+++>++++ E- W--(++) N+ o+
!K w---$ O M- V? PS+ PE Y+ PGP t 5++ X+ R++ tv b+ DI++++ D G e* h+ r y+
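
To tell case a) from case b) in the reply above, list each listening port together with the process that owns it, so a port such as finger's 79 can be attributed to portsentry rather than to inetd. This is an added example, not part of the original message: it assumes net-tools `netstat -tlnp` output (run as root so the owner column is filled in) and a daemon whose process name is `portsentry`, and the sample input is constructed.

```shell
#!/bin/sh
# Added example: classify listening TCP ports by owning process, so ports held
# by portsentry can be told apart from real services and unexplained listeners.

# Constructed sample of `netstat -tlnp` output (not taken from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp   0      0      0.0.0.0:22       0.0.0.0:*        LISTEN  412/sshd
tcp   0      0      0.0.0.0:25       0.0.0.0:*        LISTEN  498/exim
tcp   0      0      0.0.0.0:79       0.0.0.0:*        LISTEN  655/portsentry
tcp   0      0      0.0.0.0:1524     0.0.0.0:*        LISTEN  655/portsentry
tcp   0      0      0.0.0.0:31337    0.0.0.0:*        LISTEN  655/portsentry
tcp   0      0      0.0.0.0:2049     0.0.0.0:*        LISTEN  -
EOF
}

# Reads netstat -tlnp text on stdin; prints "port class owner", sorted by port.
# Assumption: the daemon's process name is exactly "portsentry".
classify_listeners() {
    awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, addr, ":")          # last piece is the port (IPv4 and IPv6)
        owner = $7
        sub(/^[0-9]+\//, "", owner)       # drop the "PID/" prefix
        if (owner == "" || owner == "-")  class = "UNKNOWN"
        else if (owner == "portsentry")   class = "portsentry"
        else                              class = "service"
        print addr[n], class, owner
    }' | sort -n
}

# Demo on the sample; on a live host: netstat -tlnp | classify_listeners
sample_netstat | classify_listeners
```

Rows marked UNKNOWN have no visible owning process and are the ones to look at first.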