hack lesson?

Warren Togami warren at togami.com
Sat Jan 12 03:12:51 PST 2002


----- Original Message -----
From: "R Scott Belford" <sctinc at mac.com>
To: "Linux & Unix Advocates & Users" <luau at list.luau.hi.net>
Sent: Saturday, January 12, 2002 12:28 AM
Subject: [luau] Re: hack lesson?


> I ran portsentry some lately, but freaked out when I nmapped myself and
> saw that all kinds of wicked ports were open.  Some reading at
> chkrootkit.org led me to believe that this was part of how it worked.  I
> still disabled it until I could research it more.  Any insights here?
> Perhaps I unpacked a sinister tarball a few weeks ago.
>

Portsentry can run in "stealth" mode in Linux (but not other operating
systems).  This can make it look like you don't have tons of open ports, but
still have the monitoring capability.  When I use portsentry I usually use
the advanced TCP mode and ignore UDP due to the high amount of false
alarms... but that's just me.


