Date: Sun, 8 Aug 2004 18:49:31 -0400 (EDT) From: c0ldbyte <c0ldbyte@myrealbox.com> To: freebsd-security@freebsd.org Subject: Re: freebsd-security Digest, Vol 71, Issue 2 Message-ID: <Pine.LNX.4.61.0408081846150.8050@eleanor.spectical.net> In-Reply-To: <20040808120101.B771D16A4D0@hub.freebsd.org> References: <20040808120101.B771D16A4D0@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> From: Zoran Kolic <kolicz@eunet.yu>
> Subject: about nmap
> To: freebsd-security@freebsd.org
> Message-ID: <20040808053526.GA652@kolic.net>
> Content-Type: text/plain; charset=us-ascii
>
> Dear all!
> Last evening I've noticed that
> my 5.2 box had strange result
> about nmap search. One port is
> randomly open when I look from
> user account. From root everything
> looks as expected. The comp is
> most time out of internet. The
> last thing was adding "expect"
> package. I am not paniced, could
> be hiting... Or something in
> "expect" package... It is random
> port from 53000 to 57000.
> Has someone any idea?
> Best regards.
>
> ZK
>
Yes this is going to be one of the ports that nmap uses to relay or
recieve information back to the client itself. Everything that has
anything to do with analyzing the network is going to open a port
to recieve back on and most commonly if its because your noticing
that port well scanning from a user account its just because of the
nmap software picking that port up and not ignoring it like it should
be.
This e-mail may be privileged and/or confidential, and the sender
does not waive any related rights and obligations. Any distribution, use
or copying of this e-mail or the information it contains by other than an
intended recipient is unauthorized. If you received this e-mail in error,
please advise me (by return e-mail or otherwise) immediately.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.61.0408081846150.8050>