From owner-freebsd-security Wed Nov 21 20:27:48 2001 Delivered-To: freebsd-security@freebsd.org Received: from silby.com (cb34181-a.mdsn1.wi.home.com [24.14.173.39]) by hub.freebsd.org (Postfix) with ESMTP id ECA9937B417 for ; Wed, 21 Nov 2001 20:27:43 -0800 (PST) Received: (qmail 3375 invoked by uid 1000); 22 Nov 2001 04:27:43 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 22 Nov 2001 04:27:43 -0000 Date: Wed, 21 Nov 2001 22:27:43 -0600 (CST) From: Mike Silbersack To: Geoff Lawn Cc: Subject: Re: Unknown transient service 1528/tcp In-Reply-To: <020801c1730b$8cd21fe0$41414fcb@lawn> Message-ID: <20011121222647.O2710-100000@achilles.silby.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, 22 Nov 2001, Geoff Lawn wrote: > Hi there, > > I regularly do an nmap on our server with the following results... > > Port State Service > 21/tcp open ftp > 22/tcp open ssh > 25/tcp open smtp > 110/tcp open pop-3 > 443/tcp open https > > Recently I noticed the following service appear... > 1528/tcp open mciautoreg > > I did another nmap a minute later and the service was no longer there. > > Does anyone know what this might be? > Have I been hacked?? > > Thanks, > Geoff Were you nmapping the machine nmap was running on? You sometimes catch the port nmap is running the scan from when doing it that way, if I recall correctly. Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message