RE: ipfw issue with nmap false alarms

From: Brett Moore (brett@softwarecreations.co.nz)
Date: 05/30/02 

From: "Brett Moore" <brett@softwarecreations.co.nz>
To: <George.Giles@mcmail.vanderbilt.edu>, <freebsd-security@FreeBSD.ORG>
Date: Thu, 30 May 2002 15:27:36 +1200

Others may correct me if I am wrong here.

I have had the same 'problem'. I was told/read that nmap may sometimes
report the port that it is using as open when run against localhost.

Try 2.54BETA34 its for d/l at the site.

Brett

> -----Original Message-----
> From: owner-freebsd-security@FreeBSD.ORG
> [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of
> George.Giles@mcmail.vanderbilt.edu
> Sent: Thursday, 30 May 2002 15:06
> To: freebsd-security@FreeBSD.ORG
> Subject: ipfw issue with nmap false alarms
>
>
> nmap reports as expected when scanning the actual ip address, but when run
> against localhost various open ports show up.
>
> Any ideas ?
>
> Starting nmap V. 2.54BETA29 ( www.insecure.org/nmap/ )
> Interesting ports on localhost (127.0.0.1):
> (The 1540 ports scanned but not shown below are in state: closed)
> Port State Service
> 21/tcp open ftp
> 22/tcp open ssh
> 53/tcp open domain
> 80/tcp open http
> 443/tcp open https
> 1669/tcp open netview-aix-9
>
> Nmap run completed -- 1 IP address (1 host up) scanned in 9 seconds
> bash-2.05$ nmap localhost
>
> Starting nmap V. 2.54BETA29 ( www.insecure.org/nmap/ )
> Interesting ports on localhost (127.0.0.1):
> (The 1540 ports scanned but not shown below are in state: closed)
> Port State Service
> 21/tcp open ftp
> 22/tcp open ssh
> 53/tcp open domain
> 80/tcp open http
> 443/tcp open https
> 2044/tcp open rimsl
>
>
> Nmap run completed -- 1 IP address (1 host up) scanned in 9 seconds
> bash-2.05$ nmap localhost
>
> Starting nmap V. 2.54BETA29 ( www.insecure.org/nmap/ )
> Interesting ports on localhost (127.0.0.1):
> (The 1539 ports scanned but not shown below are in state: closed)
> Port State Service
> 21/tcp open ftp
> 22/tcp open ssh
> 53/tcp open domain
> 80/tcp open http
> 443/tcp open https
> 2003/tcp open cfingerd
> 3306/tcp open mysql
>
>
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Relevant Pages

  • [SLE] nmap showing cups/nfs open to outside.
    ... I did an nmap scan on my computer itself on thee ways and realized ... that both the cups and nfs services are in fact listening on the ... Interesting ports on localhost: ... PORT STATE SERVICE ...
    (SuSE)
  • Re: Help interpreting nmap scan on localhost running Lenny.Strange port?
    ... I did a nmap scan which showed this: ... Interesting ports on localhost: ... however when I kill privoxy and repeat the scan only 8118/tcp port(clearly ... The localhost interface only allows communication ...
    (Debian-User)
  • Re: AW: Re: nmap -sS SYN-SCAN does not find all open Ports?
    ... Network Security Engineer and Analyst ... that there is actually no problem with nmap. ... ports that are not listed by nmap are in state closed. ... Could it somehow be related to my backend firewall? ...
    (Security-Basics)
  • Re: Printserver Netgear PS101
    ... Die kriegt man mit nmap raus. ... Und um hier das konkrete Besipiel des Printservers beizusteuern: ... CET Interesting ports on homejet: ... PORT STATE SERVICE ...
    (de.comp.os.unix.linux.hardware)
  • Re: Nmap questions for the experts
    ... nmap has its own mailing lists, you can find those on insecure.org. ... Do you really use nmap before running nessus? ... Only open ports will be fed to ...
    (Security-Basics)