Samantha Samuel on Fri, 5 Apr 2002 18:20:16 +0200



Re: [PLUG] weak linux firewall?


I had run the nmap from the internal network. From outside, the nmap looks 
like the attachment I am sending. It shows that only the ssh port is up.

-Sam


> For reasons that are not important I have win2k on a partition. My 
> firewall is a linux box that has only the following ports open.
> 
> Port       State       Service
> 21/tcp     open        ftp
> 22/tcp     open        ssh
> 80/tcp     open        http
> 139/tcp    open        netbios-ssn
> 515/tcp    open        printer
> 6000/tcp   open        X11
> 6004/tcp   open        X11:4
> 
> When surfing the internet last night, I saw an ad that claimed my pc was 
> insecure and had a snapshot of my hd, that had a pic of my folders and the 
> size of my partition. Now this worries me. I know it was a pic of my comp, 
> and not some generic pc because of this one folder I had.
> 
> Does anyone have any thoughts on how someone could have gotten past the 
> firewall and peeked into my machine?
> 
> Thanks.
> 

-- 
Samantha
-------
Real programmers do not comment their code. If it was hard to write, it
should be hard to understand.

http://taz.cs.wcupa.edu/~ssamuel
Starting nmap V. 2.54BETA22 ( www.insecure.org/nmap/ )
Interesting ports on pool-141-158-248-199.phil.east.verizon.net (141.158.248.199):
(The 1043 ports scanned but not shown below are in state: filtered)
Port       State       Service
22/tcp     open        ssh                     
81/tcp     closed      hosts2-ns               
1023/tcp   closed      unknown                 
1024/tcp   closed      kdm                     
1025/tcp   closed      listen                  
1026/tcp   closed      nterm                   
1030/tcp   closed      iad1                    
1031/tcp   closed      iad2                    
1032/tcp   closed      iad3                    
1058/tcp   closed      nim                     
1059/tcp   closed      nimreg                  
1067/tcp   closed      instl_boots             
1068/tcp   closed      instl_bootc             
1080/tcp   closed      socks                   
1083/tcp   closed      ansoft-lm-1             
1084/tcp   closed      ansoft-lm-2             
1103/tcp   closed      xaudio                  
1109/tcp   closed      kpop                    
1110/tcp   closed      nfsd-status             
1112/tcp   closed      msql                    
1127/tcp   closed      supfiledbg              
1155/tcp   closed      nfa                     
1178/tcp   closed      skkserv                 
1212/tcp   closed      lupa                    
1222/tcp   closed      nerv                    
1234/tcp   closed      hotline                 
1241/tcp   closed      msg                     
1248/tcp   closed      hermes                  
1346/tcp   closed      alta-ana-lm             
1347/tcp   closed      bbn-mmc                 
1348/tcp   closed      bbn-mmx                 
1349/tcp   closed      sbook                   
1350/tcp   closed      editbench               
1351/tcp   closed      equationbuilder         
1352/tcp   closed      lotusnotes              
1353/tcp   closed      relief                  
1354/tcp   closed      rightbrain              
1355/tcp   closed      intuitive-edge          
1356/tcp   closed      cuillamartin            
1357/tcp   closed      pegboard                
1358/tcp   closed      connlcli                
1359/tcp   closed      ftsrv                   
1360/tcp   closed      mimer                   
1361/tcp   closed      linx                    
1362/tcp   closed      timeflies               
1363/tcp   closed      ndm-requester           
1364/tcp   closed      ndm-server              
1365/tcp   closed      adapt-sna               
1366/tcp   closed      netware-csp             
1367/tcp   closed      dcs                     
1368/tcp   closed      screencast              
1369/tcp   closed      gv-us                   
1370/tcp   closed      us-gv                   
1371/tcp   closed      fc-cli                  
1372/tcp   closed      fc-ser                  
1373/tcp   closed      chromagrafx             
1374/tcp   closed      molly                   
1375/tcp   closed      bytex                   
1376/tcp   closed      ibm-pps                 
1377/tcp   closed      cichlid                 
1378/tcp   closed      elan                    
1379/tcp   closed      dbreporter              
1380/tcp   closed      telesis-licman          
1381/tcp   closed      apple-licman            
1383/tcp   closed      gwha                    
1384/tcp   closed      os-licman               
1385/tcp   closed      atex_elmd               
1386/tcp   closed      checksum                
1387/tcp   closed      cadsi-lm                
1388/tcp   closed      objective-dbc           
1389/tcp   closed      iclpv-dm                
1390/tcp   closed      iclpv-sc                
1391/tcp   closed      iclpv-sas               
1392/tcp   closed      iclpv-pm                
1393/tcp   closed      iclpv-nls               
1394/tcp   closed      iclpv-nlc               
1395/tcp   closed      iclpv-wsm               
1396/tcp   closed      dvl-activemail          
1397/tcp   closed      audio-activmail         
1398/tcp   closed      video-activmail         
1399/tcp   closed      cadkey-licman           
1400/tcp   closed      cadkey-tablet           
1401/tcp   closed      goldleaf-licman         
1402/tcp   closed      prm-sm-np               
1403/tcp   closed      prm-nm-np               
1404/tcp   closed      igi-lm                  
1405/tcp   closed      ibm-res                 
1406/tcp   closed      netlabs-lm              
1407/tcp   closed      dbsa-lm                 
1408/tcp   closed      sophia-lm               
1409/tcp   closed      here-lm                 
1410/tcp   closed      hiq                     
1411/tcp   closed      af                      
1412/tcp   closed      innosys                 
1413/tcp   closed      innosys-acl             
1414/tcp   closed      ibm-mqseries            
1415/tcp   closed      dbstar                  
1416/tcp   closed      novell-lu6.2            
1417/tcp   closed      timbuktu-srv1           
1418/tcp   closed      timbuktu-srv2           
1419/tcp   closed      timbuktu-srv3           
1420/tcp   closed      timbuktu-srv4           
1421/tcp   closed      gandalf-lm              
1422/tcp   closed      autodesk-lm             
1423/tcp   closed      essbase                 
1424/tcp   closed      hybrid                  
1425/tcp   closed      zion-lm                 
1426/tcp   closed      sas-1                   
1427/tcp   closed      mloadd                  
1428/tcp   closed      informatik-lm           
1429/tcp   closed      nms                     
1430/tcp   closed      tpdu                    
1431/tcp   closed      rgtp                    
1432/tcp   closed      blueberry-lm            
1434/tcp   closed      ms-sql-m                
1435/tcp   closed      ibm-cics                
1436/tcp   closed      sas-2                   
1437/tcp   closed      tabula                  
1438/tcp   closed      eicon-server            
1439/tcp   closed      eicon-x25               
1440/tcp   closed      eicon-slp               
1441/tcp   closed      cadis-1                 
1442/tcp   closed      cadis-2                 
1443/tcp   closed      ies-lm                  
1444/tcp   closed      marcam-lm               
1445/tcp   closed      proxima-lm              
1446/tcp   closed      ora-lm                  
1447/tcp   closed      apri-lm                 
1448/tcp   closed      oc-lm                   
1449/tcp   closed      peport                  
1450/tcp   closed      dwf                     
1451/tcp   closed      infoman                 
1452/tcp   closed      gtegsc-lm               
1453/tcp   closed      genie-lm                
1454/tcp   closed      interhdl_elmd           
1455/tcp   closed      esl-lm                  
1456/tcp   closed      dca                     
1457/tcp   closed      valisys-lm              
1458/tcp   closed      nrcabq-lm               
1459/tcp   closed      proshare1               
1460/tcp   closed      proshare2               
1461/tcp   closed      ibm_wrless_lan          
1462/tcp   closed      world-lm                
1463/tcp   closed      nucleus                 
1464/tcp   closed      msl_lmd                 
1465/tcp   closed      pipes                   
1466/tcp   closed      oceansoft-lm            
1467/tcp   closed      csdmbase                
1468/tcp   closed      csdm                    
1469/tcp   closed      aal-lm                  
1470/tcp   closed      uaiact                  
1471/tcp   closed      csdmbase                
1472/tcp   closed      csdm                    
1473/tcp   closed      openmath                
1474/tcp   closed      telefinder              
1475/tcp   closed      taligent-lm             
1476/tcp   closed      clvm-cfg                
1477/tcp   closed      ms-sna-server           
1478/tcp   closed      ms-sna-base             
1479/tcp   closed      dberegister             
1480/tcp   closed      pacerforum              
1481/tcp   closed      airs                    
1482/tcp   closed      miteksys-lm             
1483/tcp   closed      afs                     
1484/tcp   closed      confluent               
1485/tcp   closed      lansource               
1486/tcp   closed      nms_topo_serv           
1487/tcp   closed      localinfosrvr           
1488/tcp   closed      docstor                 
1489/tcp   closed      dmdocbroker             
1490/tcp   closed      insitu-conf             
1491/tcp   closed      anynetgateway           
1492/tcp   closed      stone-design-1          
1493/tcp   closed      netmap_lm               
1494/tcp   closed      citrix-ica              
1495/tcp   closed      cvc                     
1496/tcp   closed      liberty-lm              
1497/tcp   closed      rfx-lm                  
1498/tcp   closed      watcom-sql              
1499/tcp   closed      fhc                     
1500/tcp   closed      vlsi-lm                 
1501/tcp   closed      sas-3                   
1502/tcp   closed      shivadiscovery          
1503/tcp   closed      imtc-mcs                
1504/tcp   closed      evb-elm                 
1505/tcp   closed      funkproxy               
1506/tcp   closed      utcd                    
1507/tcp   closed      symplex                 
1508/tcp   closed      diagmond                
1509/tcp   closed      robcad-lm               
1510/tcp   closed      mvx-lm                  
1511/tcp   closed      3l-l1                   
1512/tcp   closed      wins                    
1513/tcp   closed      fujitsu-dtc             
1514/tcp   closed      fujitsu-dtcns           
1515/tcp   closed      ifor-protocol           
1516/tcp   closed      vpad                    
1517/tcp   closed      vpac                    
1518/tcp   closed      vpvd                    
1519/tcp   closed      vpvc                    
1520/tcp   closed      atm-zip-office          
1521/tcp   closed      ncube-lm                
1522/tcp   closed      rna-lm                  
1523/tcp   closed      cichild-lm              
1524/tcp   closed      ingreslock              
1525/tcp   closed      orasrv                  
1526/tcp   closed      pdap-np                 
1527/tcp   closed      tlisrv                  
1528/tcp   closed      mciautoreg              
1529/tcp   closed      support                 
1530/tcp   closed      rap-service             
1531/tcp   closed      rap-listen              
1532/tcp   closed      miroconnect             
1533/tcp   closed      virtual-places          
1534/tcp   closed      micromuse-lm            
1535/tcp   closed      ampr-info               
1536/tcp   closed      ampr-inter              
1537/tcp   closed      sdsc-lm                 
1538/tcp   closed      3ds-lm                  
1539/tcp   closed      intellistor-lm          
1540/tcp   closed      rds                     
1541/tcp   closed      rds2                    
1542/tcp   closed      gridgen-elmd            
1543/tcp   closed      simba-cs                
1544/tcp   closed      aspeclmd                
1545/tcp   closed      vistium-share           
1546/tcp   closed      abbaccuray              
1547/tcp   closed      laplink                 
1548/tcp   closed      axon-lm                 
1549/tcp   closed      shivahose               
1550/tcp   closed      3m-image-lm             
1551/tcp   closed      hecmtl-db               
1552/tcp   closed      pciarray                
1600/tcp   closed      issd                    
1650/tcp   closed      nkd                     
1651/tcp   closed      shiva_confsrvr          
1652/tcp   closed      xnmp                    
1661/tcp   closed      netview-aix-1           
1662/tcp   closed      netview-aix-2           
1663/tcp   closed      netview-aix-3           
1664/tcp   closed      netview-aix-4           
1665/tcp   closed      netview-aix-5           
1666/tcp   closed      netview-aix-6           
1667/tcp   closed      netview-aix-7           
1668/tcp   closed      netview-aix-8           
1669/tcp   closed      netview-aix-9           
1670/tcp   closed      netview-aix-10          
1671/tcp   closed      netview-aix-11          
1672/tcp   closed      netview-aix-12          
1723/tcp   closed      pptp                    
1827/tcp   closed      pcm                     
1986/tcp   closed      licensedaemon           
1987/tcp   closed      tr-rsrb-p1              
1988/tcp   closed      tr-rsrb-p2              
1989/tcp   closed      tr-rsrb-p3              
1990/tcp   closed      stun-p1                 
1991/tcp   closed      stun-p2                 
1992/tcp   closed      stun-p3                 
1993/tcp   closed      snmp-tcp-port           
1994/tcp   closed      stun-port               
1995/tcp   closed      perf-port               
1996/tcp   closed      tr-rsrb-port            
1997/tcp   closed      gdp-port                
1998/tcp   closed      x25-svc-port            
1999/tcp   closed      tcp-id-port             
2000/tcp   closed      callbook                
2001/tcp   closed      dc                      
2002/tcp   closed      globe                   
2003/tcp   closed      cfingerd                
2004/tcp   closed      mailbox                 
2005/tcp   closed      deslogin                
2006/tcp   closed      invokator               
2007/tcp   closed      dectalk                 
2008/tcp   closed      conf                    
2009/tcp   closed      news                    
2010/tcp   closed      search                  
2011/tcp   closed      raid-cc                 
2012/tcp   closed      ttyinfo                 
2013/tcp   closed      raid-am                 
2014/tcp   closed      troff                   
2015/tcp   closed      cypress                 
2016/tcp   closed      bootserver              
2017/tcp   closed      cypress-stat            
2018/tcp   closed      terminaldb              
2019/tcp   closed      whosockami              
2020/tcp   closed      xinupageserver          
2021/tcp   closed      servexec                
2022/tcp   closed      down                    
2023/tcp   closed      xinuexpansion3          
2024/tcp   closed      xinuexpansion4          
2025/tcp   closed      ellpack                 
2026/tcp   closed      scrabble                
2027/tcp   closed      shadowserver            
2028/tcp   closed      submitserver            
2030/tcp   closed      device2                 
2032/tcp   closed      blackboard              
2033/tcp   closed      glogger                 
2034/tcp   closed      scoremgr                
2035/tcp   closed      imsldoc                 
2038/tcp   closed      objectmanager           
2040/tcp   closed      lam                     
2041/tcp   closed      interbase               
2042/tcp   closed      isis                    
2043/tcp   closed      isis-bcast              
2044/tcp   closed      rimsl                   
2045/tcp   closed      cdfunc                  
2046/tcp   closed      sdfunc                  
2047/tcp   closed      dls                     
2048/tcp   closed      dls-monitor             
2064/tcp   closed      distrib-net-losers      
2065/tcp   closed      dlsrpn                  
2067/tcp   closed      dlswpn                  
2105/tcp   closed      eklogin                 
2106/tcp   closed      ekshell                 
2108/tcp   closed      rkinit                  
2111/tcp   closed      kx                      
2112/tcp   closed      kip                     
2120/tcp   closed      kauth                   
2201/tcp   closed      ats                     
2232/tcp   closed      ivs-video               
2241/tcp   closed      ivsd                    
2301/tcp   closed      compaqdiag              
2307/tcp   closed      pehelp                  
2430/tcp   closed      venus                   
2431/tcp   closed      venus-se                
2432/tcp   closed      codasrv                 
2433/tcp   closed      codasrv-se              
2500/tcp   closed      rtsserv                 
2501/tcp   closed      rtsclient               
2564/tcp   closed      hp-3000-telnet          
2600/tcp   closed      zebrasrv                
2601/tcp   closed      zebra                   
2602/tcp   closed      ripd                    
2603/tcp   closed      ripngd                  
2604/tcp   closed      ospfd                   
2605/tcp   closed      bgpd                    
2627/tcp   closed      webster                 
2638/tcp   closed      sybase                  
2766/tcp   closed      listen                  
2784/tcp   closed      www-dev                 
2998/tcp   closed      iss-realsec             
3000/tcp   closed      ppp                     
3001/tcp   closed      nessusd                 
3005/tcp   closed      deslogin                
3006/tcp   closed      deslogind               
3049/tcp   closed      cfs                     
3064/tcp   closed      distrib-net-proxy       
3086/tcp   closed      sj3                     
3128/tcp   closed      squid-http              
3141/tcp   closed      vmodem                  
3264/tcp   closed      ccmail                  
3333/tcp   closed      dec-notes               
3389/tcp   closed      msrdp                   
3421/tcp   closed      bmap                    
3455/tcp   closed      prsvp                   
3456/tcp   closed      vat                     
3457/tcp   closed      vat-control             
3462/tcp   closed      track                   
3900/tcp   closed      udt_os                  
3984/tcp   closed      mapper-nodemgr          
3985/tcp   closed      mapper-mapethd          
3986/tcp   closed      mapper-ws_ethd          
4008/tcp   closed      netcheque               
4045/tcp   closed      lockd                   
4132/tcp   closed      nuts_dem                
4133/tcp   closed      nuts_bootp              
4144/tcp   closed      wincim                  
4321/tcp   closed      rwhois                  
4333/tcp   closed      msql                    
4343/tcp   closed      unicall                 
4444/tcp   closed      krb524                  
4500/tcp   closed      sae-urn                 
4557/tcp   closed      fax                     
4559/tcp   closed      hylafax                 
4672/tcp   closed      rfa                     
5000/tcp   closed      fics                    
5001/tcp   closed      commplex-link           
5002/tcp   closed      rfe                     
5010/tcp   closed      telelpathstart          
5011/tcp   closed      telelpathattack         
5050/tcp   closed      mmcc                    
5145/tcp   closed      rmonitor_secure         
5190/tcp   closed      aol                     
5191/tcp   closed      aol-1                   
5192/tcp   closed      aol-2                   
5193/tcp   closed      aol-3                   
5232/tcp   closed      sgi-dgl                 
5236/tcp   closed      padl2sim                
5300/tcp   closed      hacl-hb                 
5301/tcp   closed      hacl-gs                 
5302/tcp   closed      hacl-cfg                
5303/tcp   closed      hacl-probe              
5304/tcp   closed      hacl-local              
5305/tcp   closed      hacl-test               
5308/tcp   closed      cfengine                
5400/tcp   closed      pcduo-old               
5405/tcp   closed      pcduo                   
5510/tcp   closed      secureidprop            
5520/tcp   closed      sdlog                   
5530/tcp   closed      sdserv                  
5540/tcp   closed      sdreport                
5550/tcp   closed      sdadmind                
5631/tcp   closed      pcanywheredata          
5632/tcp   closed      pcanywherestat          
5680/tcp   closed      canna                   
5713/tcp   closed      proshareaudio           
5714/tcp   closed      prosharevideo           
5715/tcp   closed      prosharedata            
5716/tcp   closed      prosharerequest         
5717/tcp   closed      prosharenotify          
5800/tcp   closed      vnc                     
5801/tcp   closed      vnc                     
5900/tcp   closed      vnc                     
5901/tcp   closed      vnc-1                   
5902/tcp   closed      vnc-2                   
5977/tcp   closed      ncd-pref-tcp            
5978/tcp   closed      ncd-diag-tcp            
5979/tcp   closed      ncd-conf-tcp            
5997/tcp   closed      ncd-pref                
5998/tcp   closed      ncd-diag                
6050/tcp   closed      arcserve                
6105/tcp   closed      isdninfo                
6106/tcp   closed      isdninfo                
6110/tcp   closed      softcm                  
6111/tcp   closed      spc                     
6112/tcp   closed      dtspc                   
6141/tcp   closed      meta-corp               
6142/tcp   closed      aspentec-lm             
6143/tcp   closed      watershed-lm            
6144/tcp   closed      statsci1-lm             
6145/tcp   closed      statsci2-lm             
6146/tcp   closed      lonewolf-lm             
6147/tcp   closed      montage-lm              
6148/tcp   closed      ricardo-lm              
6502/tcp   closed      netop-rc                
6558/tcp   closed      xdsxdm                  
6666/tcp   closed      irc-serv                
6668/tcp   closed      irc                     
6969/tcp   closed      acmsoda                 
7000/tcp   closed      afs3-fileserver         
7001/tcp   closed      afs3-callback           
7002/tcp   closed      afs3-prserver           
7003/tcp   closed      afs3-vlserver           
7004/tcp   closed      afs3-kaserver           
7005/tcp   closed      afs3-volser             
7006/tcp   closed      afs3-errors             
7007/tcp   closed      afs3-bos                
7008/tcp   closed      afs3-update             
7009/tcp   closed      afs3-rmtsys             
7010/tcp   closed      ups-onlinet             
7200/tcp   closed      fodms                   
7201/tcp   closed      dlip                    
7326/tcp   closed      icb                     
7597/tcp   closed      qaz                     
8007/tcp   closed      jserv                   
8009/tcp   closed      ajp13                   
8080/tcp   closed      http-proxy              
8081/tcp   closed      blackice-icecap         
8082/tcp   closed      blackice-alerts         
8892/tcp   closed      seosload                
9090/tcp   closed      zeus-admin              
9100/tcp   closed      jetdirect               
9535/tcp   closed      man                     
9876/tcp   closed      sd                      
9991/tcp   closed      issa                    
9992/tcp   closed      issc                    
10005/tcp  closed      stel                    
10082/tcp  closed      amandaidx               
10083/tcp  closed      amidxtape               
11371/tcp  closed      pksd                    
17007/tcp  closed      isode-dua               
18000/tcp  closed      biimenu                 
20005/tcp  closed      btx                     
22273/tcp  closed      wnn6                    
22289/tcp  closed      wnn6_Cn                 
22305/tcp  closed      wnn6_Kr                 
22321/tcp  closed      wnn6_Tw                 
22370/tcp  closed      hpnpd                   
26208/tcp  closed      wnn6_DS                 
27665/tcp  closed      Trinoo_Master           
32770/tcp  closed      sometimes-rpc3          
32771/tcp  closed      sometimes-rpc5          
32772/tcp  closed      sometimes-rpc7          
32773/tcp  closed      sometimes-rpc9          
32774/tcp  closed      sometimes-rpc11         
32775/tcp  closed      sometimes-rpc13         
32776/tcp  closed      sometimes-rpc15         
32777/tcp  closed      sometimes-rpc17         
32778/tcp  closed      sometimes-rpc19         
32779/tcp  closed      sometimes-rpc21         
32780/tcp  closed      sometimes-rpc23         
32786/tcp  closed      sometimes-rpc25         
32787/tcp  closed      sometimes-rpc27         
43188/tcp  closed      reachout                
44442/tcp  closed      coldfusion-auth         
44443/tcp  closed      coldfusion-auth         
47557/tcp  closed      dbbrowse                
54320/tcp  closed      bo2k                    
65301/tcp  closed      pcanywhere              


Nmap run completed -- 1 IP address (1 host up) scanned in 131 seconds
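
Added example, not part of the original post: a Python parser for the classic nmap port table shown above that compares the inside scan with the outside scan and reports which internally open services the firewall actually lets through. INTERNAL_SCAN is the table quoted in the message; EXTERNAL_SCAN is a constructed, abbreviated excerpt of the attachment; the function names are hypothetical.

```python
import re

# One row of the classic nmap port table, e.g. "22/tcp     open        ssh"
ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(open|closed|filtered)\s+(\S+)$")
# Summary line covering the ports nmap left out of the table
HIDDEN = re.compile(r"^\(The (\d+) ports scanned but not shown below "
                    r"are in state: (\w+)\)$")

# Port table quoted in the message (scan run from the internal network).
INTERNAL_SCAN = """\
> Port       State       Service
> 21/tcp     open        ftp
> 22/tcp     open        ssh
> 80/tcp     open        http
> 139/tcp    open        netbios-ssn
> 515/tcp    open        printer
> 6000/tcp   open        X11
> 6004/tcp   open        X11:4
"""

# Constructed, abbreviated excerpt of the attached outside scan.
EXTERNAL_SCAN = """\
(The 1043 ports scanned but not shown below are in state: filtered)
Port       State       Service
22/tcp     open        ssh
81/tcp     closed      hosts2-ns
8080/tcp   closed      http-proxy
"""


def parse_nmap(text):
    """Return ({(port, proto): (state, service)}, (count, state) or None)."""
    ports, hidden = {}, None
    for raw in text.splitlines():
        line = raw.lstrip("> ").rstrip()  # tolerate mail quoting and padding
        row = ROW.match(line)
        if row:
            key = (int(row.group(1)), row.group(2))
            ports[key] = (row.group(3), row.group(4))
            continue
        summary = HIDDEN.match(line)
        if summary:
            hidden = (int(summary.group(1)), summary.group(2))
    return ports, hidden


def compare_views(internal_text, external_text):
    """Classify each internally open port by how it looks from outside."""
    internal, _ = parse_nmap(internal_text)
    external, hidden = parse_nmap(external_text)
    # Assumption: a port missing from the outside table was scanned and is
    # in the state nmap reported for the ports it did not list.
    default_state = hidden[1] if hidden else "unknown"
    report = {"exposed": [], "blocked": [], "unfiltered_closed": []}
    for (port, proto), (state, service) in sorted(internal.items()):
        if state != "open":
            continue
        outside = external.get((port, proto), (default_state, service))[0]
        bucket = "exposed" if outside == "open" else "blocked"
        report[bucket].append((f"{port}/{proto}", service, outside))
    # "closed" means the probe got through and nothing was listening, so
    # the packet filter is not dropping traffic to these ports.
    for (port, proto), (state, _) in sorted(external.items()):
        if state == "closed":
            report["unfiltered_closed"].append(f"{port}/{proto}")
    return report


if __name__ == "__main__":
    for bucket, entries in compare_views(INTERNAL_SCAN, EXTERNAL_SCAN).items():
        print(bucket, entries)
```
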