On Tue, Jan 28, 2003 at 04:43:51PM -0600, Kent West wrote: > I just ran the command "sudo nmap -sT -sU localhost" which listed the > following: > > . . . > > 12345/tcp open NetBus > 12346/tcp open NetBus > 27665/tcp open Trinoo_Master > 31335/udp open Trinoo_Register > 31337/tcp open Elite > 31337/udp open BackOrifice > 32770/udp open sometimes-rpc4 > > . . . > > > > Should I be concerned, or is this maybe part of portsentry or something > similar?
No idea. nmap, amazing as it is, isn't the only tool you need though. Try running 'netstat -ntuple' to see which programs are actually listening, according to the kernel. Of course, netstat could have been replaced with a trojaned version, and your kernel could have been messed with, but, otherwise it'll show you what programs are listening on your ports... -rob
msg27149/pgp00000.pgp
Description: PGP signature
