Hi, As I was researching the bind issues on deleuze, I did an nmap to see what ports were open on both of the servers at Peer 1. I am curious about why 27374 seems to be open, as this is the port used by the program "subseven," which, according to google, is used by some script kiddies.
I'm assuming right now that we have this filtered in order to trap people scanning for this port, but I would like to receive confirmation on this for my own peace of mind. Mire also has this port open, along with port 53 for dns (which deleuze is still lacking due to the permissions problems). Nmap scanning results for deleuze from my personal workstation below: [EMAIL PROTECTED] ~]$ nmap deleuze Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2007-03-29 10:32 EDT Interesting ports on deleuze.hcoop.net (69.90.123.67): Not shown: 1659 closed ports PORT STATE SERVICE 21/tcp open ftp 23/tcp open telnet 25/tcp open smtp 70/tcp open gopher 111/tcp open rpcbind 113/tcp open auth 135/tcp filtered msrpc 136/tcp filtered profile 137/tcp filtered netbios-ns 138/tcp filtered netbios-dgm 139/tcp filtered netbios-ssn 389/tcp open ldap 445/tcp filtered microsoft-ds 544/tcp open kshell 749/tcp open kerberos-adm 935/tcp open unknown 993/tcp open imaps 995/tcp open pop3s 2105/tcp open eklogin 3306/tcp open mysql 27374/tcp filtered subseven Nmap finished: 1 IP address (1 host up) scanned in 14.537 seconds Also deleuze reports telnet being open, which doesn't seem necessary. Telnetting to the machine gives me the following message (machine being reported as deleuze.phq.org. because of my local network setup): [EMAIL PROTECTED] ~]$ telnet deleuze Trying 69.90.123.67... Connected to deleuze.phq.org (69.90.123.67). Escape character is '^]'. telnetd: No authentication provided. Connection closed by foreign host. _______________________________________________ HCoop-SysAdmin mailing list [email protected] http://hcoop.net/cgi-bin/mailman/listinfo/hcoop-sysadmin
