Message-ID: <002401c22490$ce67e0c0$d4e18aca@melsa.net.id>
From: "Eko Suwarsono"
References: <20020705214752.GA397@kumprang.or.id>
Subject: Re: How to fix Trinoo_Master
Date: Sat, 6 Jul 2002 08:59:46 +0700
Sender: owner-freebsd-questions@FreeBSD.ORG

Dear budsz,

Trinoo Master and several "unknown" ports will appear, even if you never set them up before. These symptoms will happen if you are using ipfw with a "default to deny" policy or using an IDS tool like snort or portsentry. But these symptoms only appear if you are using the nmap port-scanning tool. I have had the same experience, but I just ignore it..:) except for several ports like telnet, ssh and ftp.
Nmap tries to conduct a TCP "half-open" connection to all TCP ports, from the smallest port to several hundred ports, so nmap tries to give you the best "answer", although the answer is confusing...:). I suggest you try using another port-scanning tool to compare the results.

eko suwarsono
-----------------------------------------
use perl;
program fulfillment

----- Original Message -----
From: "budsz"
To: "freebsd-questions"
Sent: Saturday, July 06, 2002 4:47 AM
Subject: How to fix Trinoo_Master

> I tried to scan my box with nmap, and I got open ports.
> Does anybody know how to fix this trouble:
>
> Starting nmap V. 2.54BETA30 ( www.insecure.org/nmap/ )
> Interesting ports on kumprang.or.id (202.143.103.229):
> (The 1520 ports scanned but not shown below are in state: closed)
> Port       State       Service
> 1/tcp      open        tcpmux
> 11/tcp     open        systat
> 15/tcp     open        netstat
> 21/tcp     open        ftp
> 22/tcp     open        ssh
> 25/tcp     open        smtp
> 53/tcp     open        domain
> 79/tcp     open        finger
> 80/tcp     open        http
> 110/tcp    open        pop-3
> 111/tcp    open        sunrpc
> 119/tcp    open        nntp
> 143/tcp    open        imap2
> 540/tcp    open        uucp
> 635/tcp    open        unknown
> 1080/tcp   open        socks
> 1524/tcp   open        ingreslock
> 2000/tcp   open        callbook
> 3306/tcp   open        mysql
> 6667/tcp   open        irc
> 12345/tcp  open        NetBus
> 12346/tcp  open        NetBus
> 27665/tcp  open        Trinoo_Master
> 31337/tcp  open        Elite
> 32771/tcp  open        sometimes-rpc5
> 32772/tcp  open        sometimes-rpc7
> 32773/tcp  open        sometimes-rpc9
> 32774/tcp  open        sometimes-rpc11
> 54320/tcp  open        bo2k
>
> Thanks
>
> --
> budsz
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
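
Added example, not part of the original thread: the Service column in a scan like the one quoted is only a name looked up from the port number, so one way to triage it is to pair each open port with the local process that actually holds the socket. The rows below are a subset of the quoted scan; the listener table is constructed sample data in the column layout of FreeBSD's `sockstat -4l`, and its process names and PIDs are assumptions, not facts about the poster's host.

```python
import re

# Subset of the scan table quoted in the message above.
NMAP_OUTPUT = """\
Port       State       Service
21/tcp     open        ftp
22/tcp     open        ssh
1524/tcp   open        ingreslock
12345/tcp  open        NetBus
27665/tcp  open        Trinoo_Master
31337/tcp  open        Elite
"""

# CONSTRUCTED listener table (sockstat -4l layout); not data from the thread.
SOCKSTAT_OUTPUT = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     inetd      180   4  tcp4   *:21                  *:*
root     sshd       201   3  tcp4   *:22                  *:*
root     portsentry 312   0  tcp4   *:1524                *:*
root     portsentry 312   1  tcp4   *:12345               *:*
root     portsentry 312   2  tcp4   *:27665               *:*
"""

NMAP_ROW = re.compile(r"^(\d+)/(tcp|udp)\s+open\s+(\S+)")

def parse_nmap(text):
    """Return {port: service_label} for TCP ports reported open."""
    ports = {}
    for line in text.splitlines():
        m = NMAP_ROW.match(line.strip())
        if m and m.group(2) == "tcp":
            ports[int(m.group(1))] = m.group(3)
    return ports

def parse_sockstat(text):
    """Return {port: (command, pid)} for listening TCP sockets."""
    owners = {}
    for line in text.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) >= 6 and f[4].startswith("tcp"):
            port = f[5].rsplit(":", 1)[-1]      # "*:27665" -> "27665"
            if port.isdigit():
                owners[int(port)] = (f[1], int(f[2]))
    return owners

def attribute(nmap_text, sockstat_text):
    """Pair each open port with its local owner, or None if nothing listens."""
    owners = parse_sockstat(sockstat_text)
    scanned = parse_nmap(nmap_text)
    return {p: (scanned[p], owners.get(p)) for p in sorted(scanned)}

if __name__ == "__main__":
    for port, (svc, owner) in attribute(NMAP_OUTPUT, SOCKSTAT_OUTPUT).items():
        who = f"{owner[0]} (pid {owner[1]})" if owner else "NO LOCAL LISTENER"
        print(f"{port:>5}/tcp  nmap label: {svc:<14} owner: {who}")
```

A port that comes back with an owner you recognise is accounted for; one with no local listener means the scan result is not backed by a socket on the host and the answer is coming from somewhere else in the path.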