--- On Mon, 3/16/09, Michael Lynch <[email protected]> wrote: > Here is the command I used to do a scan > > nmap -PE -v -p1-65535 -PA21,23,80,3389 -A -T4 > xxx.xxx.xxx.xxx > > I initiated this scan using the Zenmap GUI > According to the scan It was an Intense Scan of all the > ports > What caught my attention is the fact these three ports were > specifically named with the services listed. All three of > these services > are backdoor services. > Does this signify a breach? > > Thanks, > Michael
No. It does not indicate a breach in most cases. Those port numbers are associated with some Windows-based worms so it is routine to check for them. Whoever set up the firewall wanted to be sure that they were specifically blocked. Others have already defined the open, closed, filtered values for the nmap output. Of course, someone nasty might wright a program which would look closed or filtered for the first couple of nmap inquiries and only open under certain conditions (source IP, etc.). Like anything else, nmap is just a tool. Use it well and understand its limits. James -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-newbie
