Ports "suddenly" open

 
 
j.sun.
      09-15-2003, 05:38 PM
Hey all,

I set up a new Linux box last winter/spring running Red Hat 9. I scan it with
nmap from time to time to make sure no one hacked in and opened any ports.
Today I scanned it remotely which showed four new ports open that were never
open before and that I never configured to be open:

135/tcp filtered loc-srv
137/tcp filtered netbios-ns
139/tcp filtered netbios-ssn
4444/tcp filtered krb524

Samba isn't running so I have no idea why 135, 137 and 139 are open. I
haven't found any traces of anyone breaking in (I try to keep it as secure
as possible), though, of course, that doesn't mean no one did break in. I
don't know what's going on with port 4444, either. I don't know if these
ports were opened after running up2date at some point or what. Does anyone
have any ideas as to what steps to take from here?

Thanks,
Jason


 
/dev/rob0
      09-15-2003, 06:09 PM
In article <lZ-dnQiizN0iZPiiRVn-(E-Mail Removed)>, j.sun. wrote:
> Today I scanned it remotely which showed four new ports open that were never
> open before and that I never configured to be open:
>
> 135/tcp filtered loc-srv


"filtered" != "open"

> have any ideas as to what steps to take from here?


Ask your ISP why they are blocking these ports. Well, I know the answer
to that: they're protecting Windows people from the Blaster worm, and
thereby keeping the complaints at their abuse@ address to a minimum.
--
/dev/rob0 - preferred_email=i$((28*28+28))@softhome.net
or put "not-spam" or "/dev/rob0" in Subject header to reply
 
 
Jan Geertsma
      09-15-2003, 09:19 PM
I really like and promote rob0's anti-spam-thingy ... It's cute!

And to say something productive: try to telnet to these ports. If you get a
prompt, that means that you CAN actually connect; otherwise you are in the
clear.

Puppywhacker.

"/dev/rob0" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> In article <lZ-dnQiizN0iZPiiRVn-(E-Mail Removed)>, j.sun. wrote:
> > Today I scanned it remotely which showed four new ports open that were never
> > open before and that I never configured to be open:
> >
> > 135/tcp filtered loc-srv

>
> "filtered" != "open"
>
> > have any ideas as to what steps to take from here?

>
> Ask your ISP why they are blocking these ports. Well, I know the answer
> to that: they're protecting Windows people from the Blaster worm, and
> thereby keeping the complaints at their abuse@ address to a minimum.
> --
> /dev/rob0 - preferred_email=i$((28*28+28))@softhome.net
> or put "not-spam" or "/dev/rob0" in Subject header to reply
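
The distinction made in the replies above ("filtered" is not "open", and a direct connection attempt settles it), as an added example that is not part of the original thread. The function names, the 127.0.0.1 target, and treating a connect timeout as "filtered" are assumptions of this sketch; `SCAN` is the scan output quoted in the first post.

```python
import errno
import socket

# Scan lines as quoted in the first post of the thread.
SCAN = """\
135/tcp filtered loc-srv
137/tcp filtered netbios-ns
139/tcp filtered netbios-ssn
4444/tcp filtered krb524
"""

MEANING = {
    "open": "a process accepted the connection",
    "closed": "host answered with a reset; reachable, nothing listening",
    "filtered": "no answer or ICMP unreachable; the probe is dropped in the path",
}

def parse_scan(text):
    """Return {port: state} from nmap 'PORT STATE SERVICE' lines."""
    result = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and "/" in fields[0]:
            port = fields[0].split("/", 1)[0]
            if port.isdigit():
                result[int(port)] = fields[1]
    return result

def state_from_error(exc):
    """Map a failed connect() to an nmap-style port state."""
    if isinstance(exc, ConnectionRefusedError):
        return "closed"
    if isinstance(exc, socket.timeout):
        return "filtered"
    if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "filtered"
    raise exc  # anything else is a local problem, not a port state

def probe(host, port, timeout=3.0):
    """Full TCP connect (what telnet does), classified open/closed/filtered."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except OSError as exc:
        return state_from_error(exc)

if __name__ == "__main__":
    # Run on the scanned box itself: compare the remote view with a local probe.
    for port, remote in parse_scan(SCAN).items():
        local = probe("127.0.0.1", port, timeout=1.0)
        print(f"{port}/tcp remote={remote} local={local}: {MEANING[local]}")
```

A port that is "filtered" from outside but "closed" locally has no listener behind it, so the filtering sits between the scanner and the host. A service bound only to the external address would not show up on 127.0.0.1, so repeat the probe against that address as well.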



 