port 22222 vulnerability


Post by Allan Bruc » Sat, 11 Oct 2003 05:16:23



Hello there,

I just ran a port scan on my machine, and found that my port 22222 is open
to attack by a trojan horse.  I tried to reject this in iptables but it
hasn't done anything.  Is this a problem? Does anybody know how to get around
this?

Thanks
Allan

--
Allan Bruce
Dept. of Computing Science
University of Aberdeen
Aberdeen AB24 3UE
Scotland, UK

 
 
 


Post by Paul Lutu » Sat, 11 Oct 2003 07:24:45



> Hello there,

> I just ran a port scan on my machine, and found that my port 22222 is open
> to attack by a trojan horse.

Which trojan horse? How did you get this idea?

> I tried to reject this in iptables but it
> hasn't done anything.

Define "reject", and post the iptables entry, not your own words. Define
"it". Define "hasn't done anything." Use the information from your
computer, not your native language.

> Is this a problem?

Is what a problem? The problem, or the solution?

> Does anybody know how to get
> around this?

Get around what? Try writing simple declarative sentences, whose ideas flow
logically from one sentence to the next.

--
Paul Lutus
http://www.arachnoid.com

 
 
 


Post by eddi » Sat, 11 Oct 2003 12:11:16



> Hello there,

> I just ran a port scan on my machine, and found that my port 22222 is open
> to attack by a trojan horse.  

OK, you are open; what about your computer?
snip

> Is this a problem?

It depends

> Does anybody know how to get around this?

Yes
 
 
 


Post by Leon The Peo » Sat, 11 Oct 2003 12:23:25



> Hello there,

> I just ran a port scan on my machine, and found that my port 22222 is open
> to attack by a trojan horse.

Does this mean that you have a trojan horse installed?
hmm.

> I tried to reject this in iptables but it
> hasn't done anything.
> Is this a problem?

Probably not.
The port scan didn't tell you much because it was run inside the firewall.
To test your firewall you have to run the portscan aimed at your machine,
but outside the firewall - e.g. on a friend's system.

> Does anybody know how to get around
> this?

Run the port scanner on another machine aimed at your machine.

Your change to iptables might have worked to secure your box from outside
attack, but your test for the effect did not work.

Actually you should block all ports and only open up those that you want to
have open. e.g. port 80 to allow a web server to work.

Anyone who called Allan Bruce stupid is a right arsehole.  The only way to
learn this fact about firewalling is to be told.

 
 
 


Post by Allan Bruc » Sat, 11 Oct 2003 17:56:38






> > Hello there,

> > I just ran a port scan on my machine, and found that my port 22222 is open
> > to attack by a trojan horse.

> Does this mean that you have a trojan horse installed?
> hmm.

> > I tried to reject this in iptables but it
> > hasn't done anything.

> > Is this a problem?

> Probably not.
> The port scan didn't tell you much because it was run inside the firewall.
> To test your firewall you have to run the portscan aimed at your machine,
> but outside the firewall - e.g. on a friend's system.

I ran the test at http://security.symantec.com,
which alerted me to the problem.

> > Does anybody know how to get around
> > this?

> Run the port scanner on another machine aimed at your machine.

> Your change to iptables might have worked to secure your box from outside
> attack, but your test for the effect did not work.

> Actually you should block all ports and only open up those that you want to
> have open. e.g. port 80 to allow a web server to work.

I now have every single port blocked apart from my port 80 for apache, and a
select few others which don't seem to be "common" ports for attack (i.e. I
have selected them as >10000)

> Anyone who called Allan Bruce stupid is a right arsehole.  The only way to
> learn this fact about firewalling is to be told.

Thanks, I felt some of the replies were a little short!
 
 
 


Post by Neil Horma » Sat, 11 Oct 2003 20:46:56



> Hello there,

> I just ran a port scan on my machine, and found that my port 22222 is open
> to attack by a trojan horse.  I tried to reject this in iptables but it
> hasn't done anything.  Is this a problem? Does anybody know how to get around
> this?

> Thanks
> Allan

Sounds like somebody is running an undesirable program on your system.
Run the following command:

    netstat -a --program

This will provide a list of open sockets on your system; examine the
output to find the program which is listening on the offending port and
deal with it as you see fit.

HTH
Neil

--
/***************************************************
  *Neil Horman
  *Software Engineer
  *Red Hat, Inc., www.redhat.com
  *gpg keyid: 1024D / 0x92A74FA1
  *http://www.keyserver.net
  ***************************************************/
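
What `netstat -a --program` reports can be reproduced by hand on Linux: listening TCP sockets are listed in /proc/net/tcp, and the owning process is the one holding a file descriptor to that socket's inode. The following is an added example, not code from any poster in this thread; the sample table, its inode numbers and the function names are constructed for illustration.

```python
import os

# Constructed sample in /proc/net/tcp layout (not data from the thread).
# The port is the hex value after ':' in local_address; 0x56CE == 22222.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1 0000000000000000 100 0 0 10 0
   1: 00000000:56CE 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 22333 1 0000000000000000 100 0 0 10 0
   2: 0100007F:56CE 0100007F:D431 01 00000000:00000000 00:00000000 00000000  1000        0 22444 1 0000000000000000 20 4 30 10 -1
"""

TCP_LISTEN = "0A"  # state code for LISTEN; 01 is ESTABLISHED


def listening_sockets(proc_net_tcp_text):
    """Return {port: (uid, inode)} for every socket in LISTEN state."""
    listeners = {}
    for line in proc_net_tcp_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 10 or fields[3] != TCP_LISTEN:
            continue
        port = int(fields[1].rsplit(":", 1)[1], 16)
        listeners[port] = (int(fields[7]), int(fields[9]))
    return listeners


def _readlink(path):
    try:
        return os.readlink(path)
    except OSError:  # process exited, fd closed, or permission denied
        return None


def owners_of_inode(inode, proc_root="/proc"):
    """Return sorted [(pid, exe)] for processes holding socket:[inode]."""
    target = "socket:[%d]" % inode
    found = []
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:
            continue  # not readable without root for other users' processes
        if any(_readlink(os.path.join(fd_dir, fd)) == target for fd in fds):
            found.append((int(pid), _readlink(os.path.join(proc_root, pid, "exe"))))
    return sorted(found)


if __name__ == "__main__":  # live check; IPv6 listeners are in /proc/net/tcp6
    with open("/proc/net/tcp") as table:
        for port, (uid, inode) in sorted(listening_sockets(table.read()).items()):
            print(port, "uid=%d" % uid, owners_of_inode(inode))
```

Run it as root so that file descriptors of processes owned by other users are readable; a listener that shows no owning process even as root deserves a closer look.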

 
 
 


Post by Charlie Gibb » Sun, 12 Oct 2003 06:11:46



(Allan Bruce) writes:


>> Anyone who called Allan Bruce stupid  is a right arsehole.  The only
>> way to learn this fact about firewalling is to be told.

>Thanks, I felt some of the replies were a little short!

Don't worry about it; you were just unlucky enough to trigger
responses from the group's two top flamers.  They know their
stuff, but they can sometimes be a little, uh, undiplomatic.

--

\ /  I'm really at ac.dekanfrus if you read it the right way.
 X   Top-posted messages will probably be ignored.  See RFC1855.
/ \  HTML will DEFINITELY be ignored.  Join the ASCII ribbon campaign!

 
 
 


Post by Thorg Thorgussonn » Wed, 22 Oct 2003 10:59:46







>> > Hello there,

>> > I just ran a port scan on my machine, and found that my port 22222 is open
>> > to attack by a trojan horse.

>> Does this mean that you have a trojan horse installed?
>> hmm.

>> > I tried to reject this in iptables but it
>> > hasn't done anything.

>> > Is this a problem?

>> Probably not.
>> The port scan didn't tell you much because it was run inside the firewall.
>> To test your firewall you have to run the portscan aimed at your machine,
>> but outside the firewall - e.g. on a friend's system.

> I ran the test at http://security.symantec.com,
> which alerted me to the problem.

>> > Does anybody know how to get around
>> > this?

>> Run the port scanner on another machine aimed at your machine.

>> Your change to iptables might have worked to secure your box from outside
>> attack, but your test for the effect did not work.

>> Actually you should block all ports and only open up those that you want to
>> have open. e.g. port 80 to allow a web server to work.

> I now have every single port blocked apart from my port 80 for apache, and a
> select few others which don't seem to be "common" ports for attack (i.e. I
> have selected them as >10000)

>> Anyone who called Allan Bruce stupid is a right arsehole.  The only way to
>> learn this fact about firewalling is to be told.

> Thanks, I felt some of the replies were a little short!

FWIW The http://security.symantec.com test does not work on Linux boxes,
according to the notice I received when I tried to use their test.  It
worked fine on my XP box.

Cheers,

Thorg

 
 
 


Post by Michael C » Sun, 26 Oct 2003 19:23:37


On Tue, 21 Oct 2003 01:59:46 GMT,


>  FWIW The http://security.symantec.com  test does not work on Linux
>  boxes, according to the notice I received when I tried to use their
>  test.  It worked fine on my XP box.

It works fine, just lie about the OS, and possibly the browser.

I just ran it using lynx on Debian 3.0r1.

Michael C.
--

Registered Linux User #303915 http://counter.li.org/