Security Basics mailing list archives
RE: Data Interpretation
From: Javier Becerra <JBecerra () newnetsa com>
Date: Mon, 16 Mar 2009 17:01:03 -0500
Hi Michael.

Several malware programs use ports to communicate with attackers. In the example you showed us, NMAP found the SUBSEVEN, NETBUS and Elite default ports, but their state is "Filtered", which means some kind of firewall or router is blocking them, so you don't need to worry about it. If these ports were in the "Open" state, you would be in big trouble.

Javier Becerra Garavito
Senior Security Consultant
NewNet S.A.
Tel. (57) 4173400 Ext. 1221
Fax: (57) 4173400 Ext. 136
Mobile: (57) 3105757390
Av. Calle 17 Nº 60-72

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On behalf of Michael Lynch
Sent: Monday, March 16, 2009 03:28 p.m.
To: security-basics () securityfocus com
Subject: Data Interpretation

Hello,

First of all let me start by saying that I have 4 days of experience with nmap. Last week a friend suggested that I download and try nmap; at his suggestion I tried nmap and found it very interesting. After installation I tried a scan on a Linux computer that I have, to test it out. I found a few results that caught my eye, but I cannot correctly interpret the results. Could someone help me with the interpretation?

Here is what is in question!

    Port    Protocol  State     Service
    12345   tcp       filtered  netbus
    27374   tcp       filtered  subseven
    31337   tcp       filtered  Elite

Here is the command that I used:

    nmap -PE -v -p1-65535 -PA21,23,80,3389 -A -T4 xxx.xxx.xxx.xxx

(XXX.= my IP address)

I initiated this scan using the Zenmap GUI.

I know that all the services listed here are backdoor style breaches, but does this mean that the machine has been infected by these or that there has been an attempted attack with these? Could someone please help me with this?

Thanks in advance,
Michael

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Find the source of cybercrime! Almost every crime today involves a computer or mobile device. Learn how to become a Computer Forensics Examiner in InfoSec Institute's hands-on Computer Forensics Course. Up to three industry recognized certs available, online computer forensics training available.

http://www.infosecinstitute.com/courses/computer_forensics_training.html
------------------------------------------------------------------------

"This message is confidential and may contain privileged information, it may not be used or disclosed by any person other than the individual to whom it is addressed. If obtained in error, please destroy the information received and contact the sender. Its retention, recording, use or distribution with any intention are prohibited. This message has been tested by antivirus software. Nonetheless, NewNet S.A. assumes no responsibility for damages caused by the receipt or use of the material, given that it is the responsibility of the addressee to verify by his own means the presence of a virus or any other harmful defect."
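Added example (not part of any message in this thread): a short Python triage of the port table from the scan above, keyed on Nmap's documented port states. For a filtered port the service column is only the name Nmap associates with that port number, so the verdict depends on the state alone; the names WATCHED, VERDICT and triage are assumptions of this sketch, and the sample is constructed from the three rows quoted in the thread plus one invented row.

```python
import re

# Default ports from the scan in this thread, with the names Nmap printed.
WATCHED = {12345: "netbus", 27374: "subseven", 31337: "Elite"}

# A port-table row in Nmap's normal output, e.g. "12345/tcp filtered netbus".
ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

# Verdict per Nmap port state, as seen from the scanner's side only.
VERDICT = {
    "open": "investigate",            # a listener accepted the probe
    "closed": "no-listener",          # host answered, nothing is bound
    "filtered": "inconclusive",       # probes blocked before reaching the port
    "open|filtered": "inconclusive",
    "closed|filtered": "inconclusive",
    "unfiltered": "inconclusive",     # reachable, open/closed undetermined
}

def parse_ports(text):
    """Return (port, proto, state, service) for each port-table row."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return rows

def triage(text):
    """Map each watched TCP port found in the output to a verdict."""
    return {port: VERDICT.get(state, "unknown")
            for port, proto, state, _ in parse_ports(text)
            if proto == "tcp" and port in WATCHED}

# Constructed sample: the three rows from the thread plus one invented row.
SAMPLE = """PORT      STATE    SERVICE
22/tcp    open     ssh
12345/tcp filtered netbus
27374/tcp filtered subseven
31337/tcp filtered Elite
"""

if __name__ == "__main__":
    for port, verdict in sorted(triage(SAMPLE).items()):
        print(f"{port}/tcp ({WATCHED[port]}): {verdict}")
```

An "investigate" verdict is a prompt to check on the host itself which process owns the listening socket; the scan output alone does not identify it.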
Current thread:
- Data Interpretation Michael Lynch (Mar 16)
- RE: Data Interpretation Javier Becerra (Mar 17)
- Re: Data Interpretation Derek Robson (Mar 17)
- Re: Data Interpretation Ansgar Wiechers (Mar 17)
- RE: Data Interpretation Alexis Grigoriou (Mar 17)
- Re: Data Interpretation τ∂υƒιφ * (Mar 17)
- Re: Data Interpretation Ansgar Wiechers (Mar 17)
- RE: Data Interpretation David Gillett (Mar 17)
- Re: Data Interpretation Ansgar Wiechers (Mar 19)
- RE: Data Interpretation David Gillett (Mar 20)
- Re: Data Interpretation Ansgar Wiechers (Mar 24)