Does nmap claim there is actually something listening on port 21 or is it that the port is simply not "stealthed"? Post the actual nmap output. Some security sites (such as www.grc.com) make the (IMHO bogus) claim that not having all ports "stealthed" is a security risk. Your friend may have seen this and misunderstood.
Rod writes: > So he asked other people and they told him that his machine was > hacked. The lsof and netstat was modified. The port 21 was a backdoor > placed by the hacker. It does not seem plausible that a cracker would install a rootkit that would listen on the standard port. Do you have any reason to believe that these other people know what they are talking about? -- John Hasler -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
