Re: ipfw issue with nmap false alarms
From: Dave Raven (dave@raven.za.net)
Date: 05/30/02
- Next message: Dave Raven: "Re: Nmap /w snort"
- Previous message: nathan skains: "Nmap /w snort"
- In reply to: Brett Moore: "RE: ipfw issue with nmap false alarms"
- Next in thread: Peter C. Lai: "Re: ipfw issue with nmap false alarms"
- Reply: Peter C. Lai: "Re: ipfw issue with nmap false alarms"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Dave Raven" <dave@raven.za.net> To: <George.Giles@mcmail.vanderbilt.edu>, <freebsd-security@FreeBSD.ORG> Date: Thu, 30 May 2002 09:11:49 +0200
That is the problem, your scanning localhost.
rather scan an external card.
--Dave.
----- Original Message -----
From: "Brett Moore" <brett@softwarecreations.co.nz>
To: <George.Giles@mcmail.vanderbilt.edu>; <freebsd-security@FreeBSD.ORG>
Sent: Thursday, May 30, 2002 5:27 AM
Subject: RE: ipfw issue with nmap false alarms
> Others may correct me if I am wrong here.
>
> I have had the same 'problem'. I was told/read that nmap may sometimes
> report the port that it is using as open when run against localhost.
>
> Try 2.54BETA34 its for d/l at the site.
>
> Brett
>
>
> > -----Original Message-----
> > From: owner-freebsd-security@FreeBSD.ORG
> > [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of
> > George.Giles@mcmail.vanderbilt.edu
> > Sent: Thursday, 30 May 2002 15:06
> > To: freebsd-security@FreeBSD.ORG
> > Subject: ipfw issue with nmap false alarms
> >
> >
> > nmap reports as expected when scanning the actual ip address, but when
run
> > against localhost various open ports show up.
> >
> > Any ideas ?
> >
> > Starting nmap V. 2.54BETA29 ( www.insecure.org/nmap/ )
> > Interesting ports on localhost (127.0.0.1):
> > (The 1540 ports scanned but not shown below are in state: closed)
> > Port State Service
> > 21/tcp open ftp
> > 22/tcp open ssh
> > 53/tcp open domain
> > 80/tcp open http
> > 443/tcp open https
> > 1669/tcp open netview-aix-9
> >
> > Nmap run completed -- 1 IP address (1 host up) scanned in 9 seconds
> > bash-2.05$ nmap localhost
> >
> > Starting nmap V. 2.54BETA29 ( www.insecure.org/nmap/ )
> > Interesting ports on localhost (127.0.0.1):
> > (The 1540 ports scanned but not shown below are in state: closed)
> > Port State Service
> > 21/tcp open ftp
> > 22/tcp open ssh
> > 53/tcp open domain
> > 80/tcp open http
> > 443/tcp open https
> > 2044/tcp open rimsl
> >
> >
> > Nmap run completed -- 1 IP address (1 host up) scanned in 9 seconds
> > bash-2.05$ nmap localhost
> >
> > Starting nmap V. 2.54BETA29 ( www.insecure.org/nmap/ )
> > Interesting ports on localhost (127.0.0.1):
> > (The 1539 ports scanned but not shown below are in state: closed)
> > Port State Service
> > 21/tcp open ftp
> > 22/tcp open ssh
> > 53/tcp open domain
> > 80/tcp open http
> > 443/tcp open https
> > 2003/tcp open cfingerd
> > 3306/tcp open mysql
> >
> >
> >
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
> >
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
- Next message: Dave Raven: "Re: Nmap /w snort"
- Previous message: nathan skains: "Nmap /w snort"
- In reply to: Brett Moore: "RE: ipfw issue with nmap false alarms"
- Next in thread: Peter C. Lai: "Re: ipfw issue with nmap false alarms"
- Reply: Peter C. Lai: "Re: ipfw issue with nmap false alarms"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
