On Mon 01 Oct 2001, Morten Bo Johansen wrote: > > Running nmap on the localhost produces among others this line > of output: > > 8081/tcp open blackice-icecap > > lsof shows that wwwoffled is behind this service
Most of us here could have told you that without the aid of lsof :-) > What is blackice-icecap..? It's probably one of the hundreds of possible trojan horses. For a long list, visit http://www.nethog.com/feeds/niteryder/trojans.htm (although this one isn't listed). It just means that someone somewhere has once found a trojan program listening on port 8081. It doesn't mean that having port 8081 accepting incoming connections is by definition dangerous; in this case you and I know that it's wwwoffled, and not blackice-icecap, so ignore it. To be a bit brutal: it's not much use running security checks if you don't understand what they tell you... Invest in some time researching the background of such tools and why they exist first. Paul Slootman
