Date: Tue, 17 Jan 2006 11:27:18 -0600 From: "Micheal Patterson" <micheal@tsgincorporated.com> To: "Kilian Hagemann" <hagemann1@egs.uct.ac.za>, <freebsd-questions@freebsd.org> Subject: Re: Have I been hacked or is nmap wrong? Message-ID: <078501c61b8b$478265d0$4df24243@tsgincorporated.com> References: <200601171907.17831.hagemann1@egs.uct.ac.za>
next in thread | previous in thread | raw e-mail | index | archive | help
----- Original Message ----- From: "Kilian Hagemann" <hagemann1@egs.uct.ac.za> To: <freebsd-questions@freebsd.org> Sent: Tuesday, January 17, 2006 11:07 AM Subject: Have I been hacked or is nmap wrong? > Hi there, > > I'm managing two FreeBSD based gateways, one running 5.2.1-RELEASE and the > other 5.3-STABLE, both not having been updated since I installed from ISO > images. They both have custom ipfw firewalls that are dropping pretty much > everything that's not supposed to come in. > > All was fine and dandy until one day I noticed that when I nmap'ed them > from > the outside, the one shows > > The 1663 ports scanned but not shown below are in state: filtered) > PORT STATE SERVICE > 80/tcp open http > 554/tcp open rtsp > 1755/tcp open wms > 5190/tcp open aol > Kilian, what does a sockstat show you on those systems and are there any nats on either of these systems that would have a redirect_address to something behind them? -- Micheal Patterson
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?078501c61b8b$478265d0$4df24243>