Nmap /w snort
From: nathan skains (nskains@comcast.net)
Date: 05/30/02
- Next message: Dave Raven: "Re: ipfw issue with nmap false alarms"
- Previous message: Alexander E. Syasin: "dmesg message"
- In reply to: Brett Moore: "RE: ipfw issue with nmap false alarms"
- Next in thread: Dave Raven: "Re: Nmap /w snort"
- Reply: Dave Raven: "Re: Nmap /w snort"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 30 May 2002 00:33:53 -0500 From: nathan skains <nskains@comcast.net> To: freebsd-security@FreeBSD.ORG
i am having a similar problem earlier today i did a scan on my system and go
the following results. later i ran another scan and got another weird port
open, i am concerned with a comprimise.
Starting nmap V. 2.54BETA34 ( www.insecure.org/nmap/ )
Interesting ports on (192.168.0.5):
(The 1545 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
80/tcp open http
110/tcp open pop-3
113/tcp open auth
587/tcp open submission
1492/tcp open stone-design-1 << concern about this port being open
3306/tcp open mysql
6667/tcp open irc
6668/tcp open irc
when i try an nmap as root i get this error
Starting nmap V. 2.54BETA34 ( www.insecure.org/nmap/ )
pcap_open_live: (no devices found) /dev/bpf4: No such file or directory
There are several possible reasons for this, depending on your operating
system:
LINUX: If you are getting Socket type not supported, try modprobe af_packet
or recompile your kernel with SOCK_PACKET enabled.
*BSD: If you are getting device not configured, you need to recompile your
kernel with Berkeley Packet Filter support. If you are getting No such file
or directory, try creating the device (eg cd /dev; MAKEDEV <device>; or use
mknod).
SOLARIS: If you are trying to scan localhost and getting '/dev/lo0: No such
file or directory', complain to Sun. I don't think Solaris can support
advanced localhost scans. You can probably use "-P0 -sT localhost" though.
but if i throw options in like -P0 -sT it works go figure.
any ideas would be greatly appreicated.
Nathan
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
- Next message: Dave Raven: "Re: ipfw issue with nmap false alarms"
- Previous message: Alexander E. Syasin: "dmesg message"
- In reply to: Brett Moore: "RE: ipfw issue with nmap false alarms"
- Next in thread: Dave Raven: "Re: Nmap /w snort"
- Reply: Dave Raven: "Re: Nmap /w snort"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
