Solved: Re: trinoo_master on port 27665, filtered state!

fahim · ‎10-17-2006

On my Cisco Router's serial interface, I do a nmap from outside on the Internet. The result is:

" Interesting ports on *.*.50.1:

Not shown: 1676 closed ports

PORT STATE SERVICE

23/tcp filtered telnet

135/tcp filtered msrpc

1524/tcp filtered ingreslock

27665/tcp filtered Trinoo_Master

I am worried about the last two entries. The last nmap was done in Feb this year and I have confirmed that the two ports did not exist.

Though the state "filtered" is a solace but I am still concerned. How can O be sure that the system has not been compromised?

Please Advise!!

carenas123 · ‎10-20-2006

If it is in a filtered state as said need not be worried.Because Filtered means that a firewall, filter, or other network obstacle is covering the port and preventing nmap from determining whether the port is open.

View solution in original post

carenas123 · ‎10-20-2006

If it is in a filtered state as said need not be worried.Because Filtered means that a firewall, filter, or other network obstacle is covering the port and preventing nmap from determining whether the port is open.

Wilson Samuel · ‎10-23-2006

Hi,

This is a nice scenario. Could you please tell us which IOS version you are using and what all filtering commands you have enabled?

Regards,

Wilson Samuel