Dave, Wow. As a matter of fact, I *am* running portsentry.
I take it then that running portsentry is not in itself a risk ... Thanks for helping me avert my own coronary. ":-) Glenn Becker Online Producer, Community SCIFI.COM At 10:45am on Sun, 18 Feb 2001, Dave Sherohman wrote: > On Sun, Feb 18, 2001 at 10:32:58AM -0500, Glenn Becker wrote: > > What the hell *are* these things and how did they suddenly blast open > > after I had shut down all but three? I have changed nothing - and when I > > check inetd.conf and the other directories I edited, they are still the > > same. Ex: I commented out finger ages ago ... it's still commented out and > > yet now there's an open port. > > Well, either > > a) You've been cracked in a big way > > or > > b) You're running portsentry > > I suspect that b is the more likely case. portsentry works by listening on > otherwise unused ports and reporting any attempts to connect to them as > potential attacks. If you use it and you want to run a meaningful portscan > on your box, you should shut down portsentry while performing the scan. (One > of the sysadmins at my last job got an nmap result like that back and just > about had a heart attack. Then, after half an hour of trying to figure out > how the box had been cracked, he remembered portsentry...) > > -- > SGI products are used to create the 'Bugs' that entertain us in theatres > and at home. - SGI job posting > Geek Code 3.1: GCS d? s+: a- C++ UL++$ P++>+++ L+++>++++ E- W--(++) N+ o+ > !K w---$ O M- V? PS+ PE Y+ PGP t 5++ X+ R++ tv b+ DI++++ D G e* h+ r y+ > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > >
