[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] [RaQ3] Port Sentry

Subject: Re: [cobalt-security] [RaQ3] Port Sentry
From: "Chris Bell" <chris@xxxxxxxxxxxxxxx>
Date: Fri, 8 Jun 2001 03:25:47 +1000
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

-----Original Message-----
>and is concerned about my security.
>> 31337/tcp  open        Elite


This one is of particular concern. For starters, Elite is a hacker term.
Secondly port 31337 is apparently often used for backdoors.

This is all i'm running, i've tried to get rid of everything i can:

Starting nmap V. 2.53 by fyodor@xxxxxxxxxxxx ( www.insecure.org/nmap/ )
Interesting ports on www.blueskyhost.com (216.234.186.121):
(The 1513 ports scanned but not shown below are in state: closed)
Port       State       Service
21/tcp     open        ftp
22/tcp     open        ssh
25/tcp     open        smtp
80/tcp     open        http
81/tcp     open        hosts2-ns
110/tcp    open        pop-3
143/tcp    open        imap2
443/tcp    open        https
444/tcp    open        snpp
3306/tcp   open        mysql

TCP Sequence Prediction: Class=random positive increments
                         Difficulty=1846523 (Good luck!)
Remote operating system guess: Linux 2.1.122 - 2.2.14

Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds


Get yourself a copy of nmap, learn to use netstat, ps and top to keep an eye
on what's going on on your server. Download chkrootkit and run that. Lots of
info on all this stuff if you search the archives
(http://www.cobalt.com/support/resources).

cb

Prev by Date: [cobalt-security] cgiwrap users
Next by Date: Re: [cobalt-security] cgiwrap users
Previous by thread: RE: [cobalt-security] cgiwrap users
Next by thread: RE: [cobalt-security] [RaQ3] Port Sentry

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index