port 6051: hacked?

2002-09-06 Thread Ramin Motakef
Hi all,
Today's nmap run shows me:
Interesting ports on (xx):
(The 59984 ports scanned but not shown below are in state: closed)
Port     State  Service
21/tcp   open   ftp
22/tcp   open   ssh
25/tcp   open   smtp

Re: port 6051: hacked?

2002-09-17 Thread martin f krafft
thus spoke Michelle Konzack <[EMAIL PROTECTED]> [2002.09.14.1334 +0200]:
> It may be a very big security problem...
at least i can't reproduce that on a grsecurity 1.9.6 enabled kernel.
--
martin; (greetings from the heart of the sun.)
\ echo mailto: !#^."<*>"|tr "<*> mailto

Re: port 6051: hacked?

2002-09-06 Thread Kristof Goossens
On Fri, Sep 06, 2002 at 12:16:39PM +0200, Ramin Motakef wrote:
> Hi all,
> Today's nmap run shows me:
>
> Interesting ports on (xx):
> (The 59984 ports scanned but not shown below are in state: closed)
> Port State Service
> 21/tcp open ftp
> 22/tcp

Re: port 6051: hacked?

2002-09-06 Thread Moritz Schulte
Kristof Goossens <[EMAIL PROTECTED]> writes:
> However, I am still wondering why the port showed up in the
> nmap-output in the first place.
I have seen nmap behaving very strange. I just had to scan my host again and again in a loop and after some time I had a funny list of "open" ports; looked

Re: port 6051: hacked?

2002-09-06 Thread Nikolay Hristov
- Original Message -
From: "Ramin Motakef" <[EMAIL PROTECTED]>
To:
Sent: Friday, September 06, 2002 12:16 PM
Subject: port 6051: hacked?
> Hi all,
> Today's nmap run shows me:
>
> Interesting ports on (xx):
> (The 59984 ports scanned but not shown bel

Re: port 6051: hacked?

2002-09-06 Thread Jean-Francois Dive
to be totally sure, sniff and see which ICMP it returns if any ..
On Fri, Sep 06, 2002 at 02:46:22PM +0200, Nikolay Hristov wrote:
>
> - Original Message -
> From: "Ramin Motakef" <[EMAIL PROTECTED]>
> To:
> Sent: Friday, September 06, 2002 12:16

Re: port 6051: hacked?

2002-09-06 Thread Karl E. Jorgensen
On Fri, Sep 06, 2002 at 12:16:39PM +0200, Ramin Motakef wrote:
> Hi all,
> Today's nmap run shows me:
>
> Interesting ports on (xx):
> (The 59984 ports scanned but not shown below are in state: closed)
> Port State Service
> 21/tcp open ftp
> 22/tcp

Re: port 6051: hacked?

2002-09-06 Thread Ramin Motakef
A followup from myself:
First,
thanks for all the answers.
To summarise:
neither lsof, nor netstat or fuser gave a sign that any program on my server listens on that port. I have aide running on this machine so I am quite sure that the programs are intact. From what Kristof Goossens and N

Re: port 6051: hacked?

2002-09-06 Thread dafr
More information would be helpful, but here is what I've seen on my systems. If I run nmap on my system to my outside interface, I get what I expect (known running services), but when I run nmap from my friend's system, I also get to see all the other services that are being run by my ISP. If yo

Re: port 6051: hacked?

2002-09-06 Thread Jean-Francois Dive
On Fri, Sep 06, 2002 at 04:28:13PM +0200, Ramin Motakef wrote:
> A followup from myself:
>
> First,
> thanks for all the answers.
> To summarise:
>
> neither lsof, nor netstat or fuser gave a sign that any program on my
> server listens on that port. I have aide running on this machine so I
> am

Re: port 6051: hacked?

2002-09-07 Thread Phillip Hofmeister
On Sat, 07 Sep 2002 at 10:16:22AM +1000, Jean-Francois Dive wrote:
> at the system call level. Some are really difficult to see, they dump
> the binary on the disk only when they need them then erase them etc..
If they create a file in a directory watched by tripwire (fools) they will change the in

Re: port 6051: hacked?

2002-09-07 Thread martin f krafft
thus spoke Phillip Hofmeister <[EMAIL PROTECTED]> [2002.09.07.2008 +0200]:
> If they create a file in a directory watched by tripwire (fools) they will
> change the inode (date) on that directory and tripwire will flag it. Granted
> they could make a file in /tmp (which most sane people with trip

Re: port 6051: hacked?

2002-09-07 Thread Rick Moen
Quoting martin f krafft ([EMAIL PROTECTED]):
> which is why /tmp is mounted with noexec, just like /home
Well, so much for ~/bin directories.
--
Cheers, "Azathoth need not be present to win."
Rick Moen -- Charles O. Baucum, Jr.

Re: port 6051: hacked?

2002-09-08 Thread Giacomo Mulas
On Sun, 8 Sep 2002, martin f krafft wrote:
> which is why /tmp is mounted with noexec, just like /home
try putting any binary, as a test, in /tmp, e.g. copy /bin/ls to /tmp/testexe. Then issue the command
/lib/ld-linux.so.2 /tmp/testexe
to see how (little) useful the noexec option is... Bye Gia

Re: port 6051: hacked?

2002-09-08 Thread martin f krafft
thus spoke Giacomo Mulas <[EMAIL PROTECTED]> [2002.09.08.0746 +0200]:
> try putting any binary, as a test, in /tmp, e.g. copy /bin/ls to
> /tmp/testexe. Then issue the command
>
> /lib/ld-linux.so.2 /tmp/testexe
>
> to see how (little) useful the noexec option is...
i feel dizzy. thanks for lett

Re: port 6051: hacked?

2002-09-08 Thread Jean-Francois Dive
anyway, the best place is not /tmp but /var/log/whatever_far_away_in_the_hierarchy, change too much with log to keep tripwire to check, mounted as standard partition on most of the systems ...
On Sun, Sep 08, 2002 at 02:15:25AM +0200, martin f krafft wrote:
> thus spoke Phillip Hofmeister <[

Re: port 6051: hacked?

2002-09-16 Thread Michelle Konzack
Hello,
At 07:46 08/09/02 +0200, Giacomo Mulas wrote:
>
>On Sun, 8 Sep 2002, martin f krafft wrote:
>
>> which is why /tmp is mounted with noexec, just like /home
Uff, - in the standard installation the /tmp is mounted with 'defaults' and I can execute all in it. (as user too) OK, I ha

Re: port 6051: hacked?

2002-09-16 Thread Peter Cordes
On Sat, Sep 14, 2002 at 01:34:13PM +0200, Michelle Konzack wrote:
> >try putting any binary, as a test, in /tmp, e.g. copy /bin/ls to
> >/tmp/testexe. Then issue the command
> >
> >/lib/ld-linux.so.2 /tmp/testexe
>
> Oops Why is it ???
Because that's how ld.so works. It's an ELF interpreter
