Have I been hacked or is nmap wrong?
Micheal Patterson
micheal at tsgincorporated.com
Tue Jan 17 16:22:43 PST 2006
----- Original Message -----
From: "Kilian Hagemann" <hagemann1 at egs.uct.ac.za>
To: <freebsd-questions at freebsd.org>
Sent: Tuesday, January 17, 2006 11:07 AM
Subject: Have I been hacked or is nmap wrong?
> Hi there,
>
> I'm managing two FreeBSD based gateways, one running 5.2.1-RELEASE and the
> other 5.3-STABLE, both not having been updated since I installed from ISO
> images. They both have custom ipfw firewalls that are dropping pretty much
> everything that's not supposed to come in.
>
> All was fine and dandy until one day I noticed that when I nmap'ed them
> from
> the outside, the one shows
>
> The 1663 ports scanned but not shown below are in state: filtered)
> PORT STATE SERVICE
> 80/tcp open http
> 554/tcp open rtsp
> 1755/tcp open wms
> 5190/tcp open aol
>
Kilian, what does a sockstat show you on those systems and are there any
nats on either of these systems that would have a redirect_address to
something behind them?
--
Micheal Patterson
More information about the freebsd-questions
mailing list