Date: Sat, 6 Jul 2002 08:59:46 +0700
From: "Eko Suwarsono" <ekoz@melsa.net.id>
To: <freebsd-questions@freebsd.org>
Subject: Re: How to fix Trinoo_Master
Message-ID: <002401c22490$ce67e0c0$d4e18aca@melsa.net.id>
References: <20020705214752.GA397@kumprang.or.id>

dear budsz,

Trinoo Master and several "unknown" ports will appear, even if you never set them before. These symptoms will happen if you are using ipfw with a "default to deny" policy or using IDS tools like snort or portsentry. But these symptoms only appear if you are using the nmap portscanning tool. I have had the same experience, but I just ignore it..:) except for several ports like telnet, ssh and ftp.

Nmap tries to conduct a TCP "half-open" connection to all TCP ports, from the smallest port to several hundred ports, so nmap tries to give you the best "answer" although the answer is confusing...:). I suggest you try using another portscanning tool to compare the results.

eko suwarsono
-----------------------------------------
use perl;
program fulfillment

----- Original Message -----
From: "budsz" <budsz@kumprang.or.id>
To: "freebsd-questions" <freebsd-questions@FreeBSD.ORG>
Sent: Saturday, July 06, 2002 4:47 AM
Subject: How to fix Trinoo_Master

> I tried to scan my box with nmap, and I got open ports.
> Does anybody know how to fix this trouble:
>
> Starting nmap V. 2.54BETA30 ( www.insecure.org/nmap/ )
> Interesting ports on kumprang.or.id (202.143.103.229):
> (The 1520 ports scanned but not shown below are in state: closed)
> Port       State       Service
> 1/tcp      open        tcpmux
> 11/tcp     open        systat
> 15/tcp     open        netstat
> 21/tcp     open        ftp
> 22/tcp     open        ssh
> 25/tcp     open        smtp
> 53/tcp     open        domain
> 79/tcp     open        finger
> 80/tcp     open        http
> 110/tcp    open        pop-3
> 111/tcp    open        sunrpc
> 119/tcp    open        nntp
> 143/tcp    open        imap2
> 540/tcp    open        uucp
> 635/tcp    open        unknown
> 1080/tcp   open        socks
> 1524/tcp   open        ingreslock
> 2000/tcp   open        callbook
> 3306/tcp   open        mysql
> 6667/tcp   open        irc
> 12345/tcp  open        NetBus
> 12346/tcp  open        NetBus
> 27665/tcp  open        Trinoo_Master
> 31337/tcp  open        Elite
> 32771/tcp  open        sometimes-rpc5
> 32772/tcp  open        sometimes-rpc7
> 32773/tcp  open        sometimes-rpc9
> 32774/tcp  open        sometimes-rpc11
> 54320/tcp  open        bo2k
>
> Thanks
>
> --
> budsz
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
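
An added example, not part of the original thread: the service column in this nmap report is only a name looked up from the port number, so one way to see what actually holds each reported port is to compare the scan with the host's own listening sockets. The nmap lines are taken from the report quoted above; the `sockstat -4 -l` listing, its process names and PIDs are constructed sample data, and the function names are this example's own.

```python
import re

# Lines copied from the nmap report quoted in the message above.
NMAP_REPORT = """\
22/tcp open ssh
80/tcp open http
12345/tcp open NetBus
27665/tcp open Trinoo_Master
31337/tcp open Elite
"""

# Constructed sample of FreeBSD `sockstat -4 -l` output; not from the thread.
SOCKSTAT_SAMPLE = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       180   3  tcp4   *:22                  *:*
www      httpd      301   16 tcp4   *:80                  *:*
root     portsentry 212   0  tcp4   *:12345               *:*
root     portsentry 212   1  tcp4   *:27665               *:*
"""

def parse_nmap_open(report):
    """Return {port: service_name} for every TCP port nmap reported as open."""
    found = {}
    for line in report.splitlines():
        m = re.match(r"\s*(\d+)/tcp\s+open\s+(\S+)", line)
        if m:
            found[int(m.group(1))] = m.group(2)
    return found

def parse_sockstat(listing):
    """Return {port: (command, pid)} for listening TCP sockets."""
    owners = {}
    for line in listing.splitlines():
        fields = line.split()
        # Skip the header row and anything that is not a TCP socket.
        if len(fields) < 6 or not fields[4].startswith("tcp"):
            continue
        port = fields[5].rsplit(":", 1)[-1]
        if port.isdigit():
            owners[int(port)] = (fields[1], int(fields[2]))
    return owners

def attribute_ports(report, listing):
    """Pair each port nmap shows open with the local process bound to it, if any."""
    owners = parse_sockstat(listing)
    return [(port, name, owners.get(port))
            for port, name in sorted(parse_nmap_open(report).items())]

if __name__ == "__main__":
    for port, name, owner in attribute_ports(NMAP_REPORT, SOCKSTAT_SAMPLE):
        who = "%s (pid %d)" % owner if owner else "no local listener"
        print("%5d/tcp  nmap label: %-14s bound by: %s" % (port, name, who))
```

A port that nmap shows open but that has no local listener in the `sockstat` listing is being answered somewhere other than a bound socket on the host, which is the case worth comparing against a second scanner as the reply suggests.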