Hi,

one of the machines I administer is running iptables with an input policy of drop, and allows only a few, selected services. FTP is most definitely not among them, and there is no FTP server installed on the machine in question.

nmap -P0 -sS reports that among the expected, port 21 is open. Telnetting to port 21 shows indeed a successful connect:

radagast@angmar:~>telnet <machine> 21
Trying <ip>...
Connected to <machine>
Escape character is '^]'.
^]
telnet> quit

But it just sits there, no welcoming banner, no response to obvious ASCII commands. At the same time the kernel logs report that my telnet packets are being blocked by iptables. hping2 -A gets reset packets from that port as well, as if it weren't filtered, while amap shows me nothing of value.

Is this maybe some ip_conntrack weirdness? I have already swept the machine as well as I could and so far I have come up with no indication of a rootkit or backdoor.

Regs,
Sven

--
Sven Riedel sr@xxxxxxxx
Liebigstr. 38
30163 Hannover

"Python is merely Perl for those who prefer Pascal to C" (anon)