[kwlug-disc] Mysterious filtered ports on a server
Remi Gauvin
remi at georgianit.com
Wed Oct 26 00:40:45 EDT 2016
On 16-10-25 11:56 PM, Paul Nijjar via kwlug-disc wrote:
>
> I am worried that a Debian server I administrate may be hacked. When I
> run the following command from a different machine:
>
> nmap -A -v <host>
>
> I see the following as part of the output:
>
> 6667/tcp filtered irc
> 6668/tcp filtered irc
> 6669/tcp filtered irc
>
> but I do not see an IRC package installed on the server. More
> worryingly, running the following command on the server:
>
>
State: Filtered doesn't mean open,, it means firewalled. (ie, the
packets are dropped). *why* those ports are not responding at all when
apparently you have no idea how to configure a firewall might be an
equally interesting question.
Are you nmapping from outside the local network, (ie, might a Router be
trying to forward those ports to a *different* host?)
the output of iptables -v -L INPUT and iptables -v -L FORWARD might help
illuminate things.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: remi.vcf
Type: text/x-vcard
Size: 193 bytes
Desc: not available
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20161026/43b17d50/attachment.vcf>
More information about the kwlug-disc
mailing list