Re: [Nolug] Security problem?

From: Ron Johnson <ronjohnsonjr_at_yahoo.com>
Date: Thu, 17 Oct 2002 11:15:22 -0700 (PDT)
Message-ID: <20021017181522.72485.qmail@web40909.mail.yahoo.com>

Even if he is running a firewall, it's obvious that no ports have
been closed. With 21, 139, 3306 and 6000 open, reinstalling from CD
is the *only* prudent course AFTER you put up the firewall!

--- Joey Kelly <geek@joeykelly.net> wrote:
> Well, let's see. If that is your IP, you don't have a firewall running,
> as evidenced below. Also, you are quite possibly h4z0r3d.
>
> I'd find out, and reinstall from scratch. Before I did that, I'd put up
> a firewall. All it takes is an old 486 and a couple of NICs, running
> either freesco or the netbsd firewall.
>
> jkelly@octopus:~/programs/> nmap 66.157.2.42
>
> Starting nmap V. 2.54BETA30 ( www.insecure.org/nmap/ )
> Interesting ports on adsl-157-2-42.msy.bellsouth.net (66.157.2.42):
> (The 1538 ports scanned but not shown below are in state: closed)
> Port       State   Service
> 21/tcp     open    ftp
> 22/tcp     open    ssh
> 25/tcp     open    smtp
> 53/tcp     open    domain
> 80/tcp     open    http
> 110/tcp    open    pop-3
> 139/tcp    open    netbios-ssn
> 443/tcp    open    https
> 3306/tcp   open    mysql
> 5902/tcp   open    vnc-2
> 6000/tcp   open    X11
>
>
> Nmap run completed -- 1 IP address (1 host up) scanned in 6 seconds
>
> --Joey
>
>
> On Thu, 2002-10-17 at 16:13, Chuck wrote:
> > I have a Linux machine connected directly to the internet which is
> > running qmail. The other day I got a bounced bounce message to some
> > e-mail address at yahoo.com. I have no idea who this person is. Anyone
> > familiar with how this person got this e-mail message sent and how they
> > managed to insert details about my machine into the e-mail? I don't have
> > an open mail relay.
> >
> > --- Below this line is a copy of the message.
> >
> > Return-Path: <anonymous@michoud.com>
> > Received: (qmail 21624 invoked by uid 48); 13 Oct 2002 23:38:52 -0000
> > Date: 13 Oct 2002 23:38:52 -0000
> > Message-ID: <20021013233852.21622.qmail@michoud.com>
> > From: anonymous@michoud.com
> > To: cinik_worm@yahoo.com
> > Subject: 192.168.0.1
> >
> > PROC
> > processor : 0
> > vendor_id : GenuineIntel
> > cpu family : 6
> > model : 7
> > model name : Pentium III (Katmai)
> > stepping : 3
> > cpu MHz : 598.406
> > cache size : 512 KB
> > fdiv_bug : no
> > hlt_bug : no
> > f00f_bug : no
> > coma_bug : no
> > fpu : yes
> > fpu_exception : yes
> > cpuid level : 2
> > wp : yes
> > flags : fpu vme de pse tsc msr pae mce cx8 sep mtrr pge mca cmov pat pse36 mmx fxsr sse
> > bogomips : 1192.75
> >
> > MEM
> >                     total       used       free     shared    buffers     cached
> > Mem:               384468     380912       3556         72     144292     119916
> > -/+ buffers/cache: 116704     267764
> > Swap:             1565376          0    1565376
> > HDD
> > Filesystem            Size  Used Avail Use% Mounted on
> > /dev/hda2             2.2G  1.5G  668M  69% /
> > /dev/hda1              49M  5.9M   41M  13% /boot
> > /dev/hdb1              15G  6.4G  8.0G  45% /home
> > /dev/hdb2             2.9G  534M  2.2G  20% /var
> > none                  188M     0  187M   0% /dev/shm
> > IP
> > eth0      Link encap:Ethernet  HWaddr 00:E0:29:06:BC:BF
> >           inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
> >           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> >           RX packets:928799 errors:1 dropped:0 overruns:0 frame:0
> >           TX packets:820862 errors:3 dropped:0 overruns:0 carrier:3
> >           collisions:0 txqueuelen:100
> >           RX bytes:117780318 (112.3 Mb)  TX bytes:293833047 (280.2 Mb)
> >           Interrupt:9
> >
> > eth1      Link encap:Ethernet  HWaddr 00:10:4B:DA:2A:17
> >           inet addr:66.157.2.42  Bcast:66.157.3.255  Mask:255.255.252.0
> >           UP BROADCAST NOTRAILERS RUNNING  MTU:1500  Metric:1
> >           RX packets:754829 errors:0 dropped:0 overruns:0 frame:0
> >           TX packets:870938 errors:0 dropped:0 overruns:0 carrier:0
> >           collisions:67 txqueuelen:100
> >           RX bytes:230141475 (219.4 Mb)  TX bytes:107115112 (102.1 Mb)
> >           Interrupt:5 Base address:0x280 DMA chan:3
> >
> > lo        Link encap:Local Loopback
> >           inet addr:127.0.0.1  Mask:255.0.0.0
> >           UP LOOPBACK RUNNING  MTU:16436  Metric:1
> >           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> >           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
> >           collisions:0 txqueuelen:0
> >           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
> >
> --
> Joey Kelly
> Linux consultant in New Orleans, Louisiana, USA
> http://kellynet.dhs.org
>
> ---
> Alcohol and Calculus don't mix. Never drink and derive.
>

___________________
Nolug mailing list
nolug@nolug.org
Received on 10/17/02
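Added example, not code from the thread: a small Python script that parses the nmap output Joey posted and turns it into the two things a practitioner wants before the rebuild, the list of open ports that do not belong on the Internet side and a default-deny iptables ruleset for the host's external interface. It assumes a role for the box that the thread does not state (a mail, web and DNS server administered over ssh), assumes from the ifconfig output that eth1 carries the public address and eth0 the LAN, and is a host-level complement to the separate firewall box Joey recommends, not a replacement for it. The iptables commands are produced as strings, not executed.

```python
import re

# Constructed sample: the nmap 2.54BETA30 output quoted in the thread, retyped.
NMAP_OUTPUT = """\
Starting nmap V. 2.54BETA30 ( www.insecure.org/nmap/ )
Interesting ports on adsl-157-2-42.msy.bellsouth.net (66.157.2.42):
(The 1538 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
110/tcp open pop-3
139/tcp open netbios-ssn
443/tcp open https
3306/tcp open mysql
5902/tcp open vnc-2
6000/tcp open X11

Nmap run completed -- 1 IP address (1 host up) scanned in 6 seconds
"""

PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*$", re.M)
HOST_RE = re.compile(r"Interesting ports on (\S+) \((\d+\.\d+\.\d+\.\d+)\):")

def parse_nmap(text):
    """Return [(port, proto, state, service)] from classic nmap text output."""
    return [(int(p), proto, state, svc) for p, proto, state, svc in PORT_RE.findall(text)]

def scanned_host(text):
    """(hostname, address) of the target, to cross-check against the box's own ifconfig."""
    m = HOST_RE.search(text)
    return (m.group(1), m.group(2)) if m else (None, None)

# Assumed role of the host (not stated in the thread): a small mail/web/DNS
# server administered over ssh. Anything else open on the Internet side is a finding.
PUBLIC_SERVICES = {22: "ssh", 25: "smtp", 53: "domain", 80: "http", 110: "pop-3", 443: "https"}

# Why each of the other open ports should not face the Internet.
REASONS = {
    21: "ftp sends credentials in cleartext; use scp/sftp over 22 instead",
    139: "netbios-ssn is a LAN file-sharing port, never an Internet service",
    3306: "mysql should listen on localhost or the LAN only",
    5902: "vnc's password challenge is weak and the session is unencrypted; tunnel it over ssh",
    6000: "X11 accepts display connections from anyone who can reach it; use ssh -X instead",
}

def findings(text, public=PUBLIC_SERVICES):
    """Open TCP ports that the assumed role does not justify exposing."""
    return [(port, svc, REASONS.get(port, "not part of the host's public role"))
            for port, proto, state, svc in parse_nmap(text)
            if proto == "tcp" and state == "open" and port not in public]

def iptables_rules(text, ext="eth1", int_if="eth0", public=PUBLIC_SERVICES):
    """Default-deny host ruleset for the external interface, allowing only the intended
    public services. Interface names are assumed from the ifconfig output in the thread."""
    rules = [
        "iptables -P INPUT DROP",
        "iptables -P FORWARD DROP",
        "iptables -A INPUT -i lo -j ACCEPT",
        f"iptables -A INPUT -i {int_if} -j ACCEPT",
        f"iptables -A INPUT -i {ext} -m state --state ESTABLISHED,RELATED -j ACCEPT",
    ]
    # Only ports that are both intended to be public and actually open get a rule.
    for port, proto, state, svc in parse_nmap(text):
        if state == "open" and port in public:
            rules.append(f"iptables -A INPUT -i {ext} -p {proto} --dport {port} -j ACCEPT  # {svc}")
    if 53 in public:
        # A TCP scan cannot show UDP listeners; DNS needs UDP/53 opened by hand.
        rules.append(f"iptables -A INPUT -i {ext} -p udp --dport 53 -j ACCEPT  # domain (UDP)")
    return rules

if __name__ == "__main__":
    print("scanned:", scanned_host(NMAP_OUTPUT))
    for port, svc, why in findings(NMAP_OUTPUT):
        print(f"{port}/tcp {svc}: {why}")
    print("\n".join(iptables_rules(NMAP_OUTPUT)))
```

The scan was TCP-only, so the ruleset adds UDP/53 explicitly; any other UDP service on the box has to be listed the same way. Putting a host firewall on a machine that is already suspected of being compromised limits further exposure but says nothing about what is already on it, which is why both replies say to rebuild.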

This archive was generated by hypermail 2.2.0 : 12/19/08 EST
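Chuck asks how the details got into the mail. The answer is in the first Received: line: qmail stamps `invoked by uid N` on a message handed to its local injection program and `invoked from network` on one that arrived over SMTP, so this report was built and sent on the box itself by a process running as uid 48, and the interface listing in the body is the sender reporting its own addresses. The script below is an added example, not from the thread; it pulls those facts out of the message (the sample is the quoted report, shortened and retyped here). Which account uid 48 is on that host is something to look up in its /etc/passwd; the script does not assume it.

```python
import ipaddress
import re

# Constructed sample: the bounced report quoted in the thread, with the PROC/MEM/HDD
# sections shortened. Only the headers and the IP section matter to the triage.
SAMPLE = """\
Return-Path: <anonymous@michoud.com>
Received: (qmail 21624 invoked by uid 48); 13 Oct 2002 23:38:52 -0000
Date: 13 Oct 2002 23:38:52 -0000
Message-ID: <20021013233852.21622.qmail@michoud.com>
From: anonymous@michoud.com
To: cinik_worm@yahoo.com
Subject: 192.168.0.1

PROC
processor : 0
model name : Pentium III (Katmai)

MEM
Mem: 384468 380912 3556 72 144292 119916

HDD
/dev/hda2 2.2G 1.5G 668M 69% /

IP
eth0 Link encap:Ethernet HWaddr 00:E0:29:06:BC:BF
 inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
eth1 Link encap:Ethernet HWaddr 00:10:4B:DA:2A:17
 inet addr:66.157.2.42 Bcast:66.157.3.255 Mask:255.255.252.0
lo Link encap:Local Loopback
 inet addr:127.0.0.1 Mask:255.0.0.0
"""

# qmail's two Received: forms: local injection (with the injecting uid) vs. SMTP delivery.
LOCAL_RE = re.compile(r"\(qmail (\d+) invoked by uid (\d+)\)")
NETWORK_RE = re.compile(r"\(qmail (\d+) invoked from network\)")
IFACE_RE = re.compile(r"^(\S+)\s+Link encap")
INET_RE = re.compile(r"inet addr:(\d+\.\d+\.\d+\.\d+)")

def split_message(raw):
    """Split an RFC 822-style message into {header-name: [values]} and the body text."""
    head, _, body = raw.partition("\n\n")
    headers = {}
    for line in head.splitlines():
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers, body

def injection_origin(headers):
    """('local', qmail_pid, uid) or ('network', qmail_pid, None) from the topmost Received:."""
    received = headers.get("received", [])
    if not received:
        return ("unknown", None, None)
    m = LOCAL_RE.search(received[0])
    if m:
        return ("local", int(m.group(1)), int(m.group(2)))
    m = NETWORK_RE.search(received[0])
    if m:
        return ("network", int(m.group(1)), None)
    return ("unknown", None, None)

def sections(body):
    """Split the body into the PROC/MEM/HDD/IP sections the report is built from."""
    out, current = {}, None
    for line in body.splitlines():
        if line.strip() in ("PROC", "MEM", "HDD", "IP"):
            current = line.strip()
            out[current] = []
        elif current is not None:
            out[current].append(line)
    return {k: "\n".join(v) for k, v in out.items()}

def interface_addresses(ip_section):
    """Map interface name -> IPv4 address from ifconfig-style text."""
    result, name = {}, None
    for line in ip_section.splitlines():
        m = IFACE_RE.match(line)
        if m:
            name = m.group(1)
            continue
        m = INET_RE.search(line)
        if m and name:
            result[name] = m.group(1)
    return result

def triage(raw):
    """Summarise what the report tells a responder about where it came from."""
    headers, body = split_message(raw)
    origin, pid, uid = injection_origin(headers)
    secs = sections(body)
    ifaces = interface_addresses(secs.get("IP", ""))
    public = {n: a for n, a in ifaces.items() if ipaddress.ip_address(a).is_global}
    return {
        "injected_locally": origin == "local",   # True: never crossed SMTP into this queue
        "qmail_pid": pid,
        "injecting_uid": uid,                     # look this uid up in the host's /etc/passwd
        "recipient": headers.get("to", [""])[0],
        "sections": sorted(secs),
        "interfaces": ifaces,
        "public_addresses": public,               # what the outside world can scan
        "subject_is_own_ip": headers.get("subject", [""])[0] in ifaces.values(),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

With the report in hand, the next step on a live system is to match the injecting uid against /etc/passwd and the process list, and to treat the public address the report lists as the one an attacker already knows to scan.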