Paul Slootman <[EMAIL PROTECTED]> wrote: > On Mon 01 Oct 2001, Morten Bo Johansen wrote: > > > > Running nmap on the localhost produces among others this line > > of output: > > > > 8081/tcp open blackice-icecap > > > > lsof shows that wwwoffled is behind this service > > Most of us here could have told you that without the aid of lsof :-)
Well, in a sense it was superflous. > > What is blackice-icecap..? > > It's probably one of the hundreds of possible trojan horses. For a long > list, visit http://www.nethog.com/feeds/niteryder/trojans.htm (although > this one isn't listed). It just means that someone somewhere has once > found a trojan program listening on port 8081. It doesn't mean that > having port 8081 accepting incoming connections is by definition > dangerous; in this case you and I know that it's wwwoffled, and not > blackice-icecap, so ignore it. I am not quite sure that I still understand why nmap gets it wrong.. > To be a bit brutal: it's not much use running security checks if you > don't understand what they tell you... Invest in some time researching > the background of such tools and why they exist first. You're not brutal, you're just LART'ing me a little bit. ;-) It is slightly beyond a simple RTFM, though, and my incentive to spend a lot of time reading about security is somewhat limited as long as I am on a dial-up connection with a standalone machine but I will delve into it sometime. Thanks for your answer. Regards, Morten -- "People often applaud an imitation and then sneer at the real thing."
