[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] [RaQ3] Port Sentry
- Subject: Re: [cobalt-security] [RaQ3] Port Sentry
- From: "Chris Bell" <chris@xxxxxxxxxxxxxxx>
- Date: Fri, 8 Jun 2001 03:25:47 +1000
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
-----Original Message-----
>and is concerned about my security.
>> 31337/tcp open Elite
This one is of particular concern. For starters, Elite is a hacker term.
Secondly port 31337 is apparently often used for backdoors.
This is all i'm running, i've tried to get rid of everything i can:
Starting nmap V. 2.53 by fyodor@xxxxxxxxxxxx ( www.insecure.org/nmap/ )
Interesting ports on www.blueskyhost.com (216.234.186.121):
(The 1513 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
80/tcp open http
81/tcp open hosts2-ns
110/tcp open pop-3
143/tcp open imap2
443/tcp open https
444/tcp open snpp
3306/tcp open mysql
TCP Sequence Prediction: Class=random positive increments
Difficulty=1846523 (Good luck!)
Remote operating system guess: Linux 2.1.122 - 2.2.14
Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds
Get yourself a copy of nmap, learn to use netstat, ps and top to keep an eye
on what's going on on your server. Download chkrootkit and run that. Lots of
info on all this stuff if you search the archives
(http://www.cobalt.com/support/resources).
cb