Delivered-To: freebsd-security@freebsd.org
Date: Mon, 5 Mar 2001 22:08:19 -0300 (BRT)
From: "Giovanni P. Tirloni"
Subject: Re: 31337

Hi folks,

Just to add some extra info I'd like to say that I've seen nmap reporting such open ports a lot of times while doing port scans on my machines and friend's machines too. Mainly I was certifying myself of which ports I had left open after a _fresh_ install so, IMO, this is something related to nmap itself reporting such ports wrongly and not with any kind of h4x0r 4ct1v1ty.

Perhaps, in some way, FreeBSD sends some kind of packet with options that make nmap report it that way. I really don't know. I'm just guessing and as those machines were not connected to the Internet I'm sure that they were not compromised.

Another strange thing is that nmap reports those ports as open only when port scanning through the LAN/Internet and doesn't report them if I nmap the host from itself (loopback). Looks too abstract for me too.

If could send us more info about the actual situation of his machine (if it was a fresh install, if it has many users, etc) that would clarify the story.

Just my two cents.

--
Giovanni Picoli Tirloni
tirloni@techie.com