Strange, my nmap looks like this: nmap -p 1-40000 deleuze.hcoop.net
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2007-03-29 18:46 CEST Interesting ports on deleuze.hcoop.net (69.90.123.67): Not shown: 39984 closed ports PORT STATE SERVICE 21/tcp open ftp 23/tcp open telnet 25/tcp open smtp 53/tcp open domain 70/tcp open gopher 111/tcp open rpcbind 113/tcp open auth 389/tcp open ldap 749/tcp open kerberos-adm 935/tcp open unknown 993/tcp open imaps 995/tcp open pop3s 1053/tcp open unknown 2105/tcp open eklogin 2222/tcp open unknown 3306/tcp open mysql Nmap finished: 1 IP address (1 host up) scanned in 425.651 seconds nmap mire.hcoop.net Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2007-03-29 18:54 CEST Interesting ports on 69.90.123.68: Not shown: 1673 closed ports PORT STATE SERVICE 22/tcp open ssh 53/tcp open domain 80/tcp open http 111/tcp open rpcbind 113/tcp open auth 443/tcp open https 875/tcp open unknown Nmap finished: 1 IP address (1 host up) scanned in 36.929 seconds There's no mention of the subseven port.. And nothing is bound to it on deleuze. (sudo fuser -v -n tcp PORT ). I also downloaded and ran chkrootkit (something I do periodically on all machines), and there's nothing suspicious. Is it possible that you somehow misinterpreted the results? Say, by your workstation's strange interaction with firewalls/whatever on your outgoing link ? If you run the scan again, and you see the same things, then it's a quirk on your end. > Also deleuze reports telnet being open, which doesn't seem necessary. > Telnetting to the machine gives me the following message (machine being > reported as deleuze.phq.org. because of my local network setup): > > [EMAIL PROTECTED] ~]$ telnet deleuze > Trying 69.90.123.67... > Connected to deleuze.phq.org (69.90.123.67). > Escape character is '^]'. > telnetd: No authentication provided. > Connection closed by foreign host. Disabled in inetd.conf, along with kshell and klogin.. I am not sure but those might have been enabled when you installed openbsd-inetd. -doc _______________________________________________ HCoop-SysAdmin mailing list [email protected] http://hcoop.net/cgi-bin/mailman/listinfo/hcoop-sysadmin
