Date: Wed, 23 Jan 2002 11:42:42 -0500 From: "fla wire" <mdewar@florida-wireless.com> To: "FreeBSD Questions" <FreeBSD-Questions@FreeBSD.ORG> Subject: Backdoors/hacks and others. Message-ID: <001901c1a42c$fb4c4340$19a8a8c0@mdd>
next in thread | raw e-mail | index | archive | help
Hello, Portsentry is saying my machine is attacking one of my computers on port 161. Jan 23 09:22:29 games portsentry[334]: attackalert: Connect from host: 208.62.145.45/208.62.145.45 to UDP port: 161 I did a search on port 161 and it says its for snmp. I do not have any snmp programs running on either machine. This is my NT machine I use to surf,grab emails etc. No servers running on it either. This got my paranoid cuz I was hacked with the adorebsd on freebsd machine several months ago. So using NmapNT I scanned each machine. Nothing was found out of the ordinary on the machine that is "attacking" in the above message. Scanning two freebsd machines NmapNT says that ports 12345, 12346 are open with NetBus. Also that 31337 are open with Elite. I did google searches and went to several sites and they all said that these are windows only hacks. Also that on port 27665 trinoo_master is listed as open. I have gone to several sites like the http://www.fedcirc.gov/ and done what any site has said to determine if ther e is these things on my systems but I can not find them. I could use some help as I am a unix newbie and sure that I am missing or not looking in the right places. Hopefully just over paranoid. Mark To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?001901c1a42c$fb4c4340$19a8a8c0>