Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Random unprivileged TCP ports below 5000 kind-of open for a fraction of a second

From: alfaentomega <alfaentomega () yahoo com>
Date: Fri, 27 Dec 2002 00:36:29 -0800 (PST)

--- Rob Shein <shoten () starpower net> wrote:

Just to let you know, scanning localhost with nmap produces strange
results usually.  Try scanning from another node before you go any
further.


I asked someone else to scan me. He told me that he doesn't see (and
has never seen) such ports on his machine and that he doesn't see
anything on mine, but after a while he found few random open ports on
my host. I suppose it was because I was scanning myself at the same
time, but when he told me that I indeed had open ports and that I
should start comparing my /proc to ps output, I was sure I had been
compromised. Now I know everything, thanks to Fyodor's answer.

Thanks.
-Alfaentomega.


__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: