Well, I did some tests on my own: port tcp 443 does show on my machine by
nmapping (is this a valid verb? hehe) from another network, but when I do
this in the same network it doesn't show at all. netstat does not show
anything. Anyway, thanks for the suggestion.
--Rod James
Richard Hector wrote:
On Mon, 2009-06-08 at 16:23 +0800, Rod James Bio wrote:
Hi, I've been wondering about my friend's case. Seems that when he
nmapped his machine port 21 is open, but there is no ftp daemon
installed. He tried
"lsof -i :21"
but it did not return anything. He also tried
"netstat -an | grep 21"
also nothing.
So he asked other people and they told him that his machine was hacked.
The lsof and netstat were modified. The port 21 was a backdoor placed by
the hacker. Now I am not really contented with these answers. Any
suggestions?
I wouldn't discount that possibility, but 2 thoughts come to mind:
netstat -lnpt (as root) will give far less redundant info - just what is
listening on tcp ports, including process names - so it's easier to
search through.
Was the nmap run directly on the same network as the machine in
question? Not through a router, cable modem, or other device that could
have been getting in the way?
Oh, and some others ..
Perhaps running tcpdump on the machine while connecting to it (with nmap
or whatever) will show whether the traffic is actually getting to the
machine?
Oh - and you could try copying on a netstat and/or lsof binary, from
another machine (of the same architecture).
Richard
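
An added example, not part of the original thread: a cross-check for the "netstat and lsof were modified" theory that reads the kernel's socket table from /proc/net/tcp directly, so it does not depend on either binary. It assumes a little-endian Linux host; the function names and the sample table are constructed for illustration. It cannot see past a kernel-level rootkit, which is why the tcpdump and same-network nmap checks above still matter.

```python
"""List listening TCP sockets from /proc/net/tcp{,6} without netstat or lsof."""
import socket
import struct
from pathlib import Path

TCP_LISTEN = "0A"  # state code the kernel prints for a socket in LISTEN

# Constructed sample in /proc/net/tcp layout (not data from the thread):
# 0.0.0.0:21 LISTEN, 127.0.0.1:631 LISTEN, one ESTABLISHED connection on 443.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0015 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22222 1 0000000000000000 100 0 0 10 0
   2: 0A00000A:01BB 0B00000A:C350 01 00000000:00000000 00:00000000 00000000  1000        0 33333 1 0000000000000000 20 4 30 10 -1
"""

def decode_addr(hex_addr):
    """Turn the kernel's hex address (32-bit words, little-endian host assumed) into text."""
    raw = bytes.fromhex(hex_addr)
    if len(raw) == 4:
        return socket.inet_ntop(socket.AF_INET, raw[::-1])
    words = struct.unpack(">4I", raw)  # each printed word is a host-order integer
    return socket.inet_ntop(socket.AF_INET6, struct.pack("<4I", *words))

def listening_sockets(table_text):
    """Return (address, port, uid, inode) for every LISTEN row, sorted by port."""
    found = []
    for line in table_text.splitlines()[1:]:  # first line is the column header
        f = line.split()
        if len(f) < 10 or f[3] != TCP_LISTEN:
            continue
        addr, port = f[1].rsplit(":", 1)
        found.append((decode_addr(addr), int(port, 16), int(f[7]), int(f[9])))
    return sorted(found, key=lambda s: s[1])

def main():
    paths = [Path("/proc/net/tcp"), Path("/proc/net/tcp6")]
    texts = [p.read_text() for p in paths if p.exists()]
    for text in texts or [SAMPLE]:  # fall back to the constructed sample off-Linux
        for addr, port, uid, inode in listening_sockets(text):
            print(f"{addr}:{port} uid={uid} inode={inode}")

if __name__ == "__main__":
    main()
```

The inode column can be matched against the `socket:[inode]` symlinks under /proc/<pid>/fd (as root) to name the owning process, which is the information `netstat -lnpt` would otherwise supply.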