Steve Juranich <[EMAIL PROTECTED]> wrote on 28/09/2000 (00:57) : > Well, I wasn't paying a whole lot of attention and I had every unnecessary > port closed... or so I thought. I was still running the portmapper. So > when I ssh'd home today and nmapped myself, a couple of mysterious processes > popped up. > > To begin with: I nmapped my box and saw, much to my dismay: > > Port State Protocol Service > 22 open tcp ssh > 111 open tcp sunrpc > 515 open tcp printer > 1527 open tcp tlisrv > 6000 open tcp X11
If you go to http://www.snort.org under Port Search you can find out what the ports are used for. It says oracle for 1527, but nothing for 2027 > I plan on removing nntp from my box immediately, since I don't use my box as > a server in any way. Can anybody please explain to me what's going on? > Has my box been compromised? What do I do? Whipe the disc(s) clean and reinstall. Install snort + possibly firewall. Then set in /etc/hosts.deny : ALL: ALL and in /etc/hosts.allow you put in the addresses you trust. It's a start at least. -- Preben Randhol - Ph.D Student - http://www.pvv.org/~randhol/ ._. Debian 2.2 |"Don't think about domination, think about freedom, / _,\ Potato | it doesn't dominate." - Richard M. Stallman | (_./ GNU/Linux | To learn more visit => http://www.debian.org/ \,
