teknic Posted February 6, 2010 Share Posted February 6, 2010 So, I just nmaped all nodes on my network, and my laptop which runs ubuntu 9.10 seems to have been hacked. Below is what nmap showed for my laptop... Interesting ports on xxxxxx (192.168.1.xxx): Not shown: 982 closed ports PORT STATE SERVICE 1/tcp open tcpmux 22/tcp open ssh 79/tcp open finger 111/tcp open rpcbind 119/tcp open nntp 139/tcp open netbios-ssn 143/tcp open imap 445/tcp open microsoft-ds 1080/tcp open socks 1524/tcp open ingreslock 2000/tcp open callbook 6667/tcp open irc 12345/tcp open netbus 31337/tcp open Elite 32771/tcp open sometimes-rpc5 32772/tcp open sometimes-rpc7 32773/tcp open sometimes-rpc9 32774/tcp open sometimes-rpc11 I'd like to find out who attacked me, what their intentions were, where they hacked me from, and when the hack occurred. Can you guys help me get my forensics started? Where should I start and what tools should I use? Thanks! Quote Link to comment Share on other sites More sharing options...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.