[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] have I been 0wn3d?

Subject: Re: [cobalt-security] have I been 0wn3d?
From: Sven Golchert <golle@xxxxxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 16 Sep 2002 22:01:03 +0200
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

hi pete,

Pete Soderling wrote:

Of course, the fact that I ran Gerald's logfile parser script andreturned hits didn't help either.
Oh yes, finally ... I did an nmap -sU -p 2002 and found it open. =(

run 'netstat -pln' on your cobalt appliance. if the output doesn'treport an (unsuspicous) process listening on udp port 2002, i would bepretty alarmed.

on the other hand, when i nmapped my Qube yesterday, i found itlistening on udp port 2002 as well. it turned out later that i wouldonly get this result when executing nmap from my firewall. when istarted nmap from hosts in my DMZ, udp port 2002 on the Qube wasreported 'closed'. i didn't investigate why nmap from the firewall gavea wrong result, but this might be helpful information for you: confirmthe results of nmap on another host.


good luck
sven

Follow-Ups:
- Re: [cobalt-security] have I been 0wn3d?
  - From: Pete Soderling

References:
- [cobalt-security] have I been 0wn3d?
  - From: Pete Soderling

Prev by Date: Re: [cobalt-security] have I been 0wn3d?
Next by Date: Re: [cobalt-security] have I been 0wn3d?
Previous by thread: RE: [cobalt-security] have I been 0wn3d?
Next by thread: Re: [cobalt-security] have I been 0wn3d?

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index