On Tuesday 17 January 2006 19:27, Micheal Patterson pondered:
> > The 1663 ports scanned but not shown below are in state: filtered)
> > PORT     STATE SERVICE
> > 80/tcp   open  http
> > 554/tcp  open  rtsp
> > 1755/tcp open  wms
> > 5190/tcp open  aol
>
> Kilian, what does a sockstat show you on those systems and are there any
> nats on either of these systems that would have a redirect_address to
> something behind them?

sockstat -4l only shows up the processes serving the LAN (dnsmasq, samba) as
well as sshd:

USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     smbd       484   18 tcp4   192.168.133.1:445     *:*
root     smbd       484   19 tcp4   192.168.133.1:139     *:*
root     nmbd       480   6  udp4   *:137                 *:*
root     nmbd       480   7  udp4   *:138                 *:*
root     nmbd       480   8  udp4   192.168.133.1:137     *:*
root     nmbd       480   9  udp4   192.168.133.1:138     *:*
nobody   dnsmasq    458   1  udp4   *:56212               *:*
nobody   dnsmasq    458   3  udp4   *:53                  *:*
nobody   dnsmasq    458   4  tcp4   *:53                  *:*
nobody   dnsmasq    458   5  udp4   *:67                  *:*
root     sshd       432   3  tcp4   *:22                  *:*
root     syslogd    311   4  udp4   *:514                 *:*

So nothing suspect at all here. Yes, the systems are natted (with above system
LAN on 192.168.133.0/24), using ppp -nat. I have no specific redirects set up,
and only a "allow tcp/udp from LAN to WAN/any setup keep-state" dynamic rule,
but that should be unrelated.

If my server is not compromised, how the heck could an http/rtsp/wms/aol
redirect sneak in there without me explicitly enabling it?

-- 
Kilian Hagemann

Climate Systems Analysis Group
University of Cape Town
Republic of South Africa
Tel(w): ++27 21 650 2748
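The comparison made by hand in this message, written out as an added example (not part of the original post): it lists ports a scan reports as open that have no matching entry in `sockstat -4l`, meaning the replies do not come from a local listening socket. The function names are hypothetical, and the sample input is copied from the message with the sockstat listing abridged.

```python
import re

# Sample input copied (sockstat listing abridged) from the message above.
NMAP_OUTPUT = """\
PORT     STATE SERVICE
80/tcp   open  http
554/tcp  open  rtsp
1755/tcp open  wms
5190/tcp open  aol
"""
SOCKSTAT_OUTPUT = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     smbd       484   18 tcp4   192.168.133.1:445     *:*
nobody   dnsmasq    458   3  udp4   *:53                  *:*
nobody   dnsmasq    458   4  tcp4   *:53                  *:*
root     sshd       432   3  tcp4   *:22                  *:*
root     syslogd    311   4  udp4   *:514                 *:*
"""

def scanned_open_ports(nmap_text):
    """Return {(proto, port): service} for every port nmap lists as open."""
    ports = {}
    for line in nmap_text.splitlines():
        m = re.match(r"(\d+)/(tcp|udp)\s+open\s+(\S+)", line.strip())
        if m:
            ports[(m.group(2), int(m.group(1)))] = m.group(3)
    return ports

def local_listeners(sockstat_text):
    """Return {(proto, port): [(command, bind address), ...]} from sockstat -4l."""
    listeners = {}
    for line in sockstat_text.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) < 6:
            continue
        proto = fields[4].rstrip("46")               # tcp4 -> tcp, udp4 -> udp
        addr, _, port = fields[5].rpartition(":")
        if port.isdigit():
            listeners.setdefault((proto, int(port)), []).append((fields[1], addr))
    return listeners

def unexplained_ports(nmap_text, sockstat_text):
    """Ports seen open from outside that no local process is listening on."""
    listeners = local_listeners(sockstat_text)
    return sorted(p for p in scanned_open_ports(nmap_text) if p not in listeners)

if __name__ == "__main__":
    for proto, port in unexplained_ports(NMAP_OUTPUT, SOCKSTAT_OUTPUT):
        print(f"{port}/{proto}: open in scan, no local listener")
```

For ports that do have a listener, the bind address returned by `local_listeners` still matters: a socket bound only to 192.168.133.1 cannot account for an answer seen on the WAN side.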