Security Basics mailing list archives

Re: Hack?

From: Ansgar Wiechers <bugtraq () planetcobalt net>
Date: Tue, 1 Jul 2003 12:56:40 +0200

On 2003-06-28 Linux Security <lisec () ooty tenet res in> wrote:

My redhat 7.2 is getting hacked very frequently even i got a
firewall.appended bellow is the nmap output. What may be the loophole?

% nmap  -sA 202.xxx.xxx.xxx
Initiating ACK Scan against isp.com ()
The ACK Scan took 275 seconds to scan 1542 ports.
Interesting ports on isp.com ():
(The 1538 ports scanned but not shown below are in state: filtered)
Port       State       Service
25/tcp     UNfiltered  smtp
53/tcp     UNfiltered  domain
80/tcp     UNfiltered  http
443/tcp    UNfiltered  https


It could be any or none of the above.

You scanned only 1542 TCP ports. I suggest you run a full TCP and UDP
scan first (man nmap), to see if there are other open ports than the
above, and then supply the list with information on what version of what
program you are running on the open ports.

BTW you *are* doing the scan from somewhere outside your network, aren't
you?

Regards
Ansgar Wiechers

---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
     
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
          
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------

Current thread:

RE: Hack? Carpio, Brian (Jul 02)
- <Possible follow-ups>
- Re: Hack? ATD (Jul 02)
- Re: Hack? Mitchell Rowton (Jul 02)
- Re: Hack? Ryan (Jul 02)
- Re: Hack? chort (Jul 02)
- Re: Hack? episodes (Jul 02)
- Re: Hack? Rod Green (Jul 02)
- Re: Hack? Ansgar Wiechers (Jul 02)