31337 Elite running on webserver

[paleogryph]

Someone I know has a site on a hosting company (that will remain nameless). The site handles sensitive data and financial info. They told me they have been hacked in the past, but I don't know the details of that. They share a server with others (not leasing their own box) and it runs Linux/Apache (I don't know what distro, nmap couldn't pin it down).

I ran nmap on their domain and it came back with quite a few open ports. More than I've ever seen on a commercial hosting co. I noticed 31337 Elite right away and also 12345 NetBus. However, both these were filtered. But doesn't it seem strange that a hosting co. would have 31337 show up at all in a port scan? I emailed the person I know with the results of the scan.



>Think for yourself<
...or someone else will do it for you.

 

[Sapient2003]

The server is most likey behind a firewall. Normally, when ports are closed, the operating system would respond to SYN packets accordingly, telling the source that the port is closed. When behind a firewall, the operating system will not respond to the SYN packets accordingly, not replying at all. This causes the &quot;filtered&quot; response.

--Sapient2003 - sapient@sapient2003.com
&quot;The worst insecurity is believing you are too secure.&quot;