LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 07-02-2003, 10:04 PM   #1
liumang
LQ Newbie
 
Registered: Jul 2003
Posts: 6

Rep: Reputation: 0
hack ?help me !!


I with( nmaps) last each more at other machines( 445 /tcp filtered microsoft-ds) sweep and find and for end mouth in machine, Have too relevant services,spend at I( rh 8.0,) keep being the new everyday, Excuse me, what I or caught by hack? How clear

(The 1593 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
110/tcp open pop-3
443/tcp open https
445/tcp filtered microsoft-ds
 
Old 07-02-2003, 10:46 PM   #2
shellcode
Member
 
Registered: May 2003
Location: Beverly Hills
Distribution: Slackware, Gentoo
Posts: 350

Rep: Reputation: 32
Re: hack ?help me !!

Quote:
Originally posted by liumang
How clear
not very....

try google with port 445
 
Old 07-03-2003, 04:56 AM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
Port TCP/445 (and UDP IIRC) is only used by Micro$oft, and only if port TCP/139 is blocked. There are no Linux services known to me that run on port TCP/445.

If you have the port open, check if there is a (rogue) daemon listening, or if the state of the port is just seen as open because it is not firewalled. To check for (rogue) daemons listening use "netstat -anp", examine the process ID's (PID) information in /proc and verify the binary that is running has a legitimate purpose.

If unsure, verify your systems integrity using a system integrity checker like Aide, Samhain, Osiris or tripwire (only if installed and used directly after system install), verify for running services and possible cracker activity using chkrootkit(.org), network interface promiscuous mode using /sbin/ip and the rpm database.

If there is no service running on port 445, and you have verified your systems integrity, properly firewall the port, restart the firewall and scan again.
 
Old 07-03-2003, 01:14 PM   #4
unixvillian
LQ Newbie
 
Registered: Jun 2003
Location: Pittsburgh, PA
Distribution: Slackware
Posts: 12

Rep: Reputation: 0
liumang, Some ISPs set their firewalls to block port 445, it may not be open but its filtered through ur ISP
 
Old 07-03-2003, 03:39 PM   #5
xscousr
Member
 
Registered: Jul 2003
Location: Toronto
Distribution: Redhat
Posts: 89

Rep: Reputation: 15
netstat -tupan |grep 445

what's the output?
 
Old 07-05-2003, 03:27 AM   #6
liumang
LQ Newbie
 
Registered: Jul 2003
Posts: 6

Original Poster
Rep: Reputation: 0
Quote:
Originally posted by unixvillian
liumang, Some ISPs set their firewalls to block port 445, it may not be open but its filtered through ur ISP
Thank everybody for help, I do not have calm thinking here, say just as upstairs, Where is the reason of isp
 
Old 07-09-2003, 01:33 PM   #7
brijesh
LQ Newbie
 
Registered: Jun 2003
Location: india
Distribution: redhat
Posts: 27

Rep: Reputation: 15
use nmap -sS option it not danger ..by using these nmap it's recorded there
 
Old 07-11-2003, 10:00 PM   #8
german
Member
 
Registered: Jul 2003
Location: Toronto, Canada
Distribution: Debian etch, Gentoo
Posts: 312

Rep: Reputation: 30
Any firewall worth its salt will record both

B.
 
Old 07-12-2003, 12:09 PM   #9
brijesh
LQ Newbie
 
Registered: Jun 2003
Location: india
Distribution: redhat
Posts: 27

Rep: Reputation: 15
i have problem in samba cannot mount a ip address
please help me
 
Old 07-12-2003, 12:13 PM   #10
DrOzz
Senior Member
 
Registered: May 2003
Location: Sydney, Nova Scotia, Canada
Distribution: slackware
Posts: 4,185

Rep: Reputation: 60
you should have started a new thread brijesh...anyways, your going to have to go into more detail than that, such as what error messages your getting when trying to do so, and how you are going about mounting a share, such as are you using a GUI such as linnieghborhood or xsmbrowser, or are you trying to do this from command line...
 
Old 11-28-2004, 04:21 AM   #11
soulsniper
Member
 
Registered: Apr 2003
Distribution: Server= Fedora Core 2, Desktop= Ubuntu Hoary Preview
Posts: 41

Rep: Reputation: 15
Port 445 is samba!

Running netstat -tupan |grep 445 gives:

tcp 0 0 12.34.56.78:445 0.0.0.0:* LISTEN 20981/smbd

smbd is the samba daemon..
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
hack,,, apenguinlinux General 4 02-22-2005 10:13 AM
hack,, apenguinlinux General 5 02-22-2005 09:40 AM
are they trying to hack me? epox111 Linux - Security 9 09-10-2003 08:23 PM
what the hack is this? doublefailure Linux - Security 13 04-24-2003 12:23 PM
hack ? spooge Linux - Security 4 01-21-2003 11:54 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 11:41 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration