From owner-freebsd-security@FreeBSD.ORG Sun Aug 8 22:49:55 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1159616A4CE for ; Sun, 8 Aug 2004 22:49:55 +0000 (GMT) Received: from mxsf06.cluster1.charter.net (mxsf06.cluster1.charter.net [209.225.28.206]) by mx1.FreeBSD.org (Postfix) with ESMTP id BD33543D45 for ; Sun, 8 Aug 2004 22:49:54 +0000 (GMT) (envelope-from c0ldbyte@myrealbox.com) Received: from mxip04.cluster1.charter.net (mxip04a.cluster1.charter.net [209.225.28.134])i78MnrG7029400 for ; Sun, 8 Aug 2004 18:49:53 -0400 Received: from 24.247.14.41.gha.mi.chartermi.net (HELO eleanor.spectical.net) (24.247.14.41) by mxip04.cluster1.charter.net with ESMTP; 08 Aug 2004 18:49:45 -0400 X-Ironport-AV: i="3.83,112,1089000000"; d="scan'208"; a="184974888:sNHT12311504" Date: Sun, 8 Aug 2004 18:49:31 -0400 (EDT) From: c0ldbyte To: freebsd-security@freebsd.org In-Reply-To: <20040808120101.B771D16A4D0@hub.freebsd.org> Message-ID: References: <20040808120101.B771D16A4D0@hub.freebsd.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Subject: Re: freebsd-security Digest, Vol 71, Issue 2 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 08 Aug 2004 22:49:55 -0000 > From: Zoran Kolic > Subject: about nmap > To: freebsd-security@freebsd.org > Message-ID: <20040808053526.GA652@kolic.net> > Content-Type: text/plain; charset=us-ascii > > Dear all! > Last evening I've noticed that > my 5.2 box had strange result > about nmap search. One port is > randomly open when I look from > user account. From root everything > looks as expected. The comp is > most time out of internet. The > last thing was adding "expect" > package. I am not paniced, could > be hiting... Or something in > "expect" package... It is random > port from 53000 to 57000. > Has someone any idea? > Best regards. > > ZK > Yes this is going to be one of the ports that nmap uses to relay or recieve information back to the client itself. Everything that has anything to do with analyzing the network is going to open a port to recieve back on and most commonly if its because your noticing that port well scanning from a user account its just because of the nmap software picking that port up and not ignoring it like it should be. This e-mail may be privileged and/or confidential, and the sender does not waive any related rights and obligations. Any distribution, use or copying of this e-mail or the information it contains by other than an intended recipient is unauthorized. If you received this e-mail in error, please advise me (by return e-mail or otherwise) immediately.