Nmap /w snort

From: nathan skains (nskains@comcast.net)
Date: 05/30/02


Date: Thu, 30 May 2002 00:33:53 -0500
From: nathan skains <nskains@comcast.net>
To: freebsd-security@FreeBSD.ORG

I am having a similar problem. Earlier today I did a scan on my system and got
the following results. Later I ran another scan and got another weird port
open; I am concerned with a compromise.

Starting nmap V. 2.54BETA34 ( www.insecure.org/nmap/ )
Interesting ports on (192.168.0.5):
(The 1545 ports scanned but not shown below are in state: closed)
Port       State       Service
21/tcp     open        ftp
22/tcp     open        ssh
25/tcp     open        smtp
80/tcp     open        http
110/tcp    open        pop-3
113/tcp    open        auth
587/tcp    open        submission
1492/tcp   open        stone-design-1   << concern about this port being open
3306/tcp   open        mysql
6667/tcp   open        irc
6668/tcp   open        irc

when i try an nmap as root i get this error

Starting nmap V. 2.54BETA34 ( www.insecure.org/nmap/ )
pcap_open_live: (no devices found) /dev/bpf4: No such file or directory
There are several possible reasons for this, depending on your operating
system:
LINUX: If you are getting Socket type not supported, try modprobe af_packet
or recompile your kernel with SOCK_PACKET enabled.
*BSD: If you are getting device not configured, you need to recompile your
kernel with Berkeley Packet Filter support. If you are getting No such file
or directory, try creating the device (eg cd /dev; MAKEDEV <device>; or use
mknod).
SOLARIS: If you are trying to scan localhost and getting '/dev/lo0: No such
file or directory', complain to Sun. I don't think Solaris can support
advanced localhost scans. You can probably use "-P0 -sT localhost" though.

But if I throw options in like -P0 -sT it works, go figure.
Any ideas would be greatly appreciated.

Nathan
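
The message above describes two scans of the same host in which the second showed an extra open port. The following is an added example, not part of the original post: a shell sketch that parses saved nmap output in the "Port State Service" layout shown above and prints the ports open in the later scan but not in the earlier one. The function names and the two sample scans are constructed for illustration and are not the poster's actual results.

```shell
#!/bin/sh
# Added example: report ports that are open in a later nmap scan
# but were not open in an earlier one.

# Print "port/proto service" for each open port in a saved plain-text scan.
# Anything after the service column (such as a hand-written note) is ignored.
open_ports() {
    awk '$1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" { print $1, $3 }' "$1" |
        LC_ALL=C sort -u
}

# new_ports OLD NEW: lines present only in the NEW scan.
new_ports() {
    old=$(mktemp) && new=$(mktemp) || return 1
    open_ports "$1" > "$old"
    open_ports "$2" > "$new"
    LC_ALL=C comm -13 "$old" "$new"
    rm -f "$old" "$new"
}

# Constructed sample data in the same layout as the scan in the message.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/scan1.txt" <<'EOF'
Port       State       Service
21/tcp     open        ftp
22/tcp     open        ssh
80/tcp     open        http
EOF
    cat > "$dir/scan2.txt" <<'EOF'
Port       State       Service
21/tcp     open        ftp
22/tcp     open        ssh
80/tcp     open        http
1492/tcp   open        stone-design-1   << note added by hand
EOF
    new_ports "$dir/scan1.txt" "$dir/scan2.txt"
    rm -rf "$dir"
}

demo
```

A port reported this way still has to be matched to the local process that owns the listening socket before drawing any conclusion about it.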
