Re: Nmap /w snort
From: Dave Raven (dave@raven.za.net)
Date: 05/30/02
From: "Dave Raven" <dave@raven.za.net>
To: "nathan skains" <nskains@comcast.net>, <freebsd-security@FreeBSD.ORG>
Date: Thu, 30 May 2002 09:20:31 +0200
Is 192.168.0.5 the box? That might be the problem,
scanning yourself is no good.
Fix the nmap problem by making more bpf devices.
cd /dev/ && sh ./MAKEDEV bpf4 bpf5 bpf6
Does that port change? Or always stay the same?
Check sockstat. Check netstat.
--Dave.
----- Original Message -----
From: "nathan skains" <nskains@comcast.net>
To: <freebsd-security@FreeBSD.ORG>
Sent: Thursday, May 30, 2002 7:33 AM
Subject: Nmap /w snort
> i am having a similar problem earlier today i did a scan on my system and got
> the following results. later i ran another scan and got another weird port
> open, i am concerned with a compromise.
> Starting nmap V. 2.54BETA34 ( www.insecure.org/nmap/ )
>
> Interesting ports on (192.168.0.5):
> (The 1545 ports scanned but not shown below are in state: closed)
> Port       State       Service
> 21/tcp     open        ftp
> 22/tcp     open        ssh
> 25/tcp     open        smtp
> 80/tcp     open        http
> 110/tcp    open        pop-3
> 113/tcp    open        auth
> 587/tcp    open        submission
> 1492/tcp   open        stone-design-1   << concern about this port being open
> 3306/tcp   open        mysql
> 6667/tcp   open        irc
> 6668/tcp   open        irc
>
> when i try an nmap as root i get this error
>
> Starting nmap V. 2.54BETA34 ( www.insecure.org/nmap/ )
> pcap_open_live: (no devices found) /dev/bpf4: No such file or directory
> There are several possible reasons for this, depending on your operating
> system:
> LINUX: If you are getting Socket type not supported, try modprobe af_packet
> or recompile your kernel with SOCK_PACKET enabled.
> *BSD: If you are getting device not configured, you need to recompile your
> kernel with Berkeley Packet Filter support. If you are getting No such file
> or directory, try creating the device (eg cd /dev; MAKEDEV <device>; or use
> mknod).
> SOLARIS: If you are trying to scan localhost and getting '/dev/lo0: No such
> file or directory', complain to Sun. I don't think Solaris can support
> advanced localhost scans. You can probably use "-P0 -sT localhost" though.
>
> but if i throw options in like -P0 -sT it works go figure.
> any ideas would be greatly appreciated.
>
> Nathan
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
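The two checks suggested in the reply (does the unexpected port change between scans, and which process owns it according to sockstat) can be scripted. The following is an added example, not part of either message: the function names `new_open_ports` and `port_owner` are hypothetical, and the scan and sockstat text is constructed sample data.

```shell
#!/bin/sh
# Added example: all sample data below is constructed, not taken from the thread.

# new_open_ports OLD NEW: TCP ports "open" in nmap output NEW but not in OLD.
new_open_ports() {
    awk -v old="$1" '
        $1 ~ /^[0-9]+\/tcp$/ && $2 == "open" {
            split($1, p, "/")
            if (FILENAME == old) seen[p[1]] = 1
            else if (!(p[1] in seen)) print p[1]
        }' "$1" "$2"
}

# port_owner PORT FILE: "user command pid" for each TCP socket bound to PORT in
# saved sockstat output (columns: USER COMMAND PID FD PROTO LOCAL FOREIGN).
port_owner() {
    awk -v port="$1" '
        $5 ~ /^tcp/ {
            n = split($6, a, ":")          # local address, e.g. "*:22"
            if (a[n] == port) { print $1, $2, $3; hit = 1 }
        }
        END { if (!hit) print "none" }' "$2"
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/scan1.txt" <<'EOF'
Port       State       Service
22/tcp     open        ssh
80/tcp     open        http
EOF
cat > "$tmp/scan2.txt" <<'EOF'
Port       State       Service
22/tcp     open        ssh
80/tcp     open        http
1492/tcp   open        stone-design-1
EOF
cat > "$tmp/sockstat.txt" <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       212   3  tcp4   *:22                  *:*
www      httpd      340   16 tcp4   *:80                  *:*
alice    ftp        911   5  tcp4   192.168.0.5:1492      *:*
EOF

# Report the owner of every port that appeared between the two scans.
for port in $(new_open_ports "$tmp/scan1.txt" "$tmp/scan2.txt"); do
    echo "port $port: $(port_owner "$port" "$tmp/sockstat.txt")"
done
```

On a real host, save two nmap runs and the sockstat output to files and pass those paths instead; a result of `none` means no socket in the saved sockstat output is bound to that port.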