on Wed, Jan 29, 2003 at 10:15:23AM -0600, Kent West ([EMAIL PROTECTED]) wrote: > Rob Weir wrote: > >On Tue, Jan 28, 2003 at 04:43:51PM -0600, Kent West wrote: > > > >>I just ran the command "sudo nmap -sT -sU localhost" which listed the > >>following:
> >>12345/tcp open NetBus > >>12346/tcp open NetBus > >>27665/tcp open Trinoo_Master > >>31335/udp open Trinoo_Register > >>Should I be concerned, or is this maybe part of portsentry or something > >>similar? > Looks like it may just be part of portsentry. Thanks! > > >westek[westk]:/home/westk> sudo netstat -ntuple > >Active Internet connections (only servers) > >Proto Recv-Q Send-Q Local Address Foreign Address > >State User Inode PID/Program name > >tcp 0 0 0.0.0.0:1 0.0.0.0:* > >LISTEN 0 2168 701/portsentry > >tcp 0 0 0.0.0.0:20034 0.0.0.0:* > >LISTEN 0 2201 701/portsentry > >tcp 0 0 0.0.0.0:32771 0.0.0.0:* One of the annoying aspects of portsentry is that it opens the ports it listens on. This can lead to false-positive alerts when scanning your own systems. Snort is another package which detects traffic on ports but doesn't open them. I'd recommend it as an alternative. Peace. -- Karsten M. Self <[EMAIL PROTECTED]> http://kmself.home.netcom.com/ What Part of "Gestalt" don't you understand? The Amazon "one-click" patent boycott -- yes, it continues: http://www.fsf.org/philosophy/amazon.html#whyContinue -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]