View Single Post
  #3  
Old 17th February 2010, 19:46
Captain Captain is offline
Senior Member
 
Join Date: Feb 2009
Posts: 285
Thanks: 80
Thanked 7 Times in 6 Posts
Default

After checking:
Code:
Checking `bindshell'... INFECTED (PORTS:  1524 6667 31337)
Nmap in local area
Code:
Starting Nmap 4.62 ( http://nmap.org ) at 2010-02-17 19:40 EET
Illegal netmask value (1524), must be /1 - /32 .  Assuming /32 (one host)
Interesting ports on srv.domai.com (192.168.123.111):
Not shown: 1681 closed ports
PORT      STATE SERVICE
1/tcp     open  tcpmux
11/tcp    open  systat
15/tcp    open  netstat
21/tcp    open  ftp
22/tcp    open  ssh
25/tcp    open  smtp
53/tcp    open  domain
79/tcp    open  finger
80/tcp    open  http
81/tcp    open  hosts2-ns
110/tcp   open  pop3
111/tcp   open  rpcbind
119/tcp   open  nntp
143/tcp   open  imap
443/tcp   open  https
540/tcp   open  uucp
635/tcp   open  unknown
993/tcp   open  imaps
995/tcp   open  pop3s
1080/tcp  open  socks
1524/tcp  open  ingreslock
2000/tcp  open  callbook
3306/tcp  open  mysql
6667/tcp  open  irc
10000/tcp open  snet-sensor-mgmt
12345/tcp open  netbus
12346/tcp open  netbus
27665/tcp open  Trinoo_Master
31337/tcp open  Elite
32771/tcp open  sometimes-rpc5
32772/tcp open  sometimes-rpc7
32773/tcp open  sometimes-rpc9
32774/tcp open  sometimes-rpc11
54320/tcp open  bo2k
Nmap from internet:
Code:
Starting Nmap 4.62 ( http://nmap.org ) at 2010-02-17 19:41 EET
Interesting ports on mail.domain.com (154.136.112.156):
Not shown: 1707 filtered ports
PORT    STATE SERVICE
21/tcp  open  ftp
22/tcp  open  ssh
25/tcp  open  smtp
53/tcp  open  domain
80/tcp  open  http
110/tcp open  pop3
143/tcp open  imap
443/tcp open  https
It is ok?

Thank you!
Reply With Quote