Subject: Re: 1026 tcp nterm remote_login terminal_emulation
From: Jimmi Andersen (jaPROTECTDATA.DK)
Date: Mon Aug 28 2000 - 02:33:02 CDT


About 3 weeks ago, my Linux machine was killed, and the only way to get
in contact with it again was to reboot it. Then I quickly did a portscan and
found the same port on my machine... then tried to look in the logs. (F***
there weren't any logs, even in last). And I didn't run telnet, ssh or dns,
so forget about those services.

I think it is a backdoor! (but I'm not sure) - but I did a total reinstall to
be sure.

-----Original Message-----
From: Focus on Linux Mailing List
[mailto:FOCUS-LINUXSECURITYFOCUS.COM]On Behalf Of Ryan Yagatich
Sent: Friday, August 25, 2000 4:38 PM
To: FOCUS-LINUXSECURITYFOCUS.COM
Subject: 1026 tcp nterm remote_login terminal_emulation

What exactly is nterm?

I mean, I understand that it's a terminal emulation like the subject says,
but I'm interested in documentation about it.

Here's why:

I connected my computer to my ISP one day, and then port scanned myself and
found that port 1026 (nterm) was open. Well, I've never used it before and
was quite unsure about it. netstat showed no connections to it, and when I
telnet'd to it I just got:

Connected to <ip>...
Escape Character is ^]

And that's all. I wound up filtering that specific port off of the machine
using ipchains, but that still doesn't tell me what it is or does.

All help appreciated.

Thanks,
ryan
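
Added example, not part of either message: one way to find out what is actually listening on port 1026 on a Linux host, by reading the kernel's socket table in /proc/net/tcp and matching the socket inode against each process's open file descriptors. The sample table is constructed for illustration, and the function names are this example's own.

```python
import glob, os, socket, struct

# Constructed sample in /proc/net/tcp format (not taken from the thread).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0402 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4711 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4720 1 0000000000000000 100 0 0 10 0
   2: 0A00000A:0402 0A000001:C350 01 00000000:00000000 00:00000000 00000000  1000        0 4800 1 0000000000000000 100 0 0 10 0
"""

TCP_LISTEN = 0x0A  # socket state code for LISTEN in /proc/net/tcp

def listeners(table_text, port):
    """Return [(ip, uid, inode)] for sockets in LISTEN state on `port`."""
    found = []
    for line in table_text.splitlines()[1:]:      # skip the header row
        f = line.split()
        if len(f) < 10:
            continue
        addr_hex, port_hex = f[1].split(":")      # port 1026 appears as 0402
        if int(f[3], 16) != TCP_LISTEN or int(port_hex, 16) != port:
            continue
        # The IPv4 address is a 32-bit hex word in host byte order
        # (little-endian on x86, which this example assumes).
        ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
        found.append((ip, int(f[7]), int(f[9])))  # uid and inode columns
    return found

def owners(inode):
    """Map a socket inode to [(pid, exe)] via /proc/<pid>/fd (run as root)."""
    target, hits = "socket:[%d]" % inode, []
    for fd in glob.glob("/proc/[0-9]*/fd/*"):
        try:
            if os.readlink(fd) == target:
                pid = fd.split("/")[2]
                hits.append((int(pid), os.readlink("/proc/%s/exe" % pid)))
        except OSError:
            continue                              # process exited or access denied
    return hits

if __name__ == "__main__":
    for ip, uid, inode in listeners(open("/proc/net/tcp").read(), 1026):
        print(ip, uid, inode, owners(inode) or "no owning process visible")
```

A LISTEN entry that maps to no process is worth following up: it can belong to a kernel-side service, or to a process the running system is not showing.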