Date: Fri, 23 Nov 2001 10:35:52 +1300 From: "Geoff Lawn" <lawngf@ihug.co.nz> To: "Mike Silbersack" <silby@silby.com> Cc: <security@freebsd.org> Subject: Re: Unknown transient service 1528/tcp Message-ID: <007b01c1739d$b0673ca0$24e7adcb@lawn> References: <20011121222647.O2710-100000@achilles.silby.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Mike, > Were you nmapping the machine nmap was running on? You sometimes catch > the port nmap is running the scan from when doing it that way, if I recall > correctly. Yes, I was running "nmap localhost". I did a sockstat while nmap was running, and it looks like nmap choses a random port to use for each sequential port test. So I guess it's possible nmap chose a random port to use to test the same port number, and thus saw the port as being open! Thanks for your help, Geoff > > On Thu, 22 Nov 2001, Geoff Lawn wrote: > > > Hi there, > > > > I regularly do an nmap on our server with the following results... > > > > Port State Service > > 21/tcp open ftp > > 22/tcp open ssh > > 25/tcp open smtp > > 110/tcp open pop-3 > > 443/tcp open https > > > > Recently I noticed the following service appear... > > 1528/tcp open mciautoreg > > > > I did another nmap a minute later and the service was no longer there. > > > > Does anyone know what this might be? > > Have I been hacked?? > > > > Thanks, > > Geoff > > > Mike "Silby" Silbersack > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?007b01c1739d$b0673ca0$24e7adcb>