[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] have I been 0wn3d?
- Subject: Re: [cobalt-security] have I been 0wn3d?
- From: Pete Soderling <pete@xxxxxxxxxxxxx>
- Date: Mon, 16 Sep 2002 18:09:18 -0400 (EDT)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Thanks all for your help and suggestions. It doesn't look like I have the bugtraq process running, and a netstat as was suggested below didn't turn up any results to udp 2002 listening. I'll be keeping a close eye on the box however, and will followup with a post to the list if I find anything useful out.
many thanks,
--petesoder
That our affections kill us not, nor dye. -- Donne
On Mon, 16 Sep 2002, Sven Golchert wrote:
> hi pete,
>
> Pete Soderling wrote:
>
> > Of course, the fact that I ran Gerald's logfile parser script and
> > returned hits didn't help either.
> >
> > Oh yes, finally ... I did an nmap -sU -p 2002 and found it open. =(
>
> run 'netstat -pln' on your cobalt appliance. if the output doesn't
> report an (unsuspicous) process listening on udp port 2002, i would be
> pretty alarmed.
>
> on the other hand, when i nmapped my Qube yesterday, i found it
> listening on udp port 2002 as well. it turned out later that i would
> only get this result when executing nmap from my firewall. when i
> started nmap from hosts in my DMZ, udp port 2002 on the Qube was
> reported 'closed'. i didn't investigate why nmap from the firewall gave
> a wrong result, but this might be helpful information for you: confirm
> the results of nmap on another host.