ok this is how it all started today i woke up around 1 pm so i went to check my mail usual routine and i saw my neigber on irc so i was like ok am bored i am gona go nmap his ip to see what is he runing an all that stuff so i do nmap waitin for resoults an then BOOM


Starting nmap V. 2.54BETA7 ( www.insecure.org/nmap/ )
Interesting ports on Host (ip)
(The 1516 ports scanned but not shown below are in state: closed)
Port State Service
7/tcp open echo
9/tcp open discard
13/tcp open daytime
17/tcp open qotd
19/tcp open chargen
21/tcp open ftp
25/tcp open smtp
80/tcp open http
135/tcp open loc-srv
139/tcp open netbios-ssn
443/tcp open https
445/tcp open microsoft-ds
1025/tcp open listen
1026/tcp open nterm
1080/tcp filtered socks
12345/tcp filtered NetBus
12346/tcp filtered NetBus
31337/tcp filtered Elite

TCP Sequence Prediction: Class=random positive increments
Difficulty=19388 (Worthy challenge)
Remote OS guesses: Windows 2000 RC1 through final release, Windows Millenium Edition v4.90.3000

Nmap run completed -- 1 IP address (1 host up) scanned in 45 seconds


so ok it was litlebit suspicios so i try to ftp to host an it works hm but folders are empty coz i loged in as a anonymus ... so yes i tryd other thing

http:host:19

and it gives me just big bunch of text an some strange code ok


then i went to do litle search on a qotd and this is what i got http://www.perltk.org/ex/qotd.txt

so ok for chargen an time an that other stuff i couldnt get much info on wht it is but ya thats all i found out ftp server was

220 untracable Microsoft FTP Service (Version 5.0).
USER anonymous
331 Anonymous access allowed, send identity (e-mail name) as password.
PASS (hidden)
230 Anonymous user logged in.

so yes am gona wait till she gets home to go check it out ? any sugestion guys what should i do i was thinkin about seting up firewall to see where connections are coming from an then just to search around for thoes files an stuff any answer suggestion would be helpfull