Re: freebsd-security Digest, Vol 71, Issue 2

From: c0ldbyte (c0ldbyte_at_myrealbox.com)
Date: 08/09/04

  • Next message: Neo-Vortex: "Re: freebsd-security Digest, Vol 71, Issue 2"
    Date: Sun, 8 Aug 2004 18:49:31 -0400 (EDT)
    To: freebsd-security@freebsd.org
    
    

    > From: Zoran Kolic <kolicz@eunet.yu>
    > Subject: about nmap
    > To: freebsd-security@freebsd.org
    > Message-ID: <20040808053526.GA652@kolic.net>
    > Content-Type: text/plain; charset=us-ascii
    >
    > Dear all!
    > Last evening I've noticed that
    > my 5.2 box had strange result
    > about nmap search. One port is
    > randomly open when I look from
    > user account. From root everything
    > looks as expected. The comp is
    > most time out of internet. The
    > last thing was adding "expect"
    > package. I am not paniced, could
    > be hiting... Or something in
    > "expect" package... It is random
    > port from 53000 to 57000.
    > Has someone any idea?
    > Best regards.
    >
    > ZK
    >
    Yes this is going to be one of the ports that nmap uses to relay or
    recieve information back to the client itself. Everything that has
    anything to do with analyzing the network is going to open a port
    to recieve back on and most commonly if its because your noticing
    that port well scanning from a user account its just because of the
    nmap software picking that port up and not ignoring it like it should
    be.

           This e-mail may be privileged and/or confidential, and the sender
    does not waive any related rights and obligations. Any distribution, use
    or copying of this e-mail or the information it contains by other than an
    intended recipient is unauthorized. If you received this e-mail in error,
    please advise me (by return e-mail or otherwise) immediately.
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"


  • Next message: Neo-Vortex: "Re: freebsd-security Digest, Vol 71, Issue 2"

    Relevant Pages

    • Re: Random unprivileged TCP ports below 5000 kind-of open for a fraction of a second
      ... When Nmap (or many ... > other applications, such as Telnet) does a connectcall, the OS is ... > supposed to choose a good souce port to bind to for the connection. ... I saw a familiar "Connection reset by peer" every time the random port ...
      (Incidents)
    • Re: Yes, trying to hack a remote control
      ... I attempted a telnet into that port, and it asked for a username/pass, ... and then upload a modified firmware to the remote. ... The latest versions of nmap have a feature whereby you can run scans ...
      (Security-Basics)
    • Re: how nmap can know my firewalled servers ?
      ... UDP or ICMP protocol), it will mark the port as closed. ... descrition, how NMAP determins, if the UDP port is open or closed. ... Try Webroot's Spy Sweeper Enterprisefor 30 days for FREE with no ...
      (Security-Basics)
    • Re: FW: baby pen-test question
      ... I ALWAYS do an nmap sweep of varying degrees. ... As for testing a large network, I primarily base my efforts on the mission ... My first question is about port scanning. ... This list is provided by the SecurityFocus Security Intelligence Alert ...
      (Pen-Test)
    • Re: Help understanding NMAP results
      ... >to do with IT) but I have been playing with old computers and Linux in my ... and is set to default DROP any packets ... Went over to a friend's house, and ran an NMAP scan against myself ... You could listen on that port and see what traffic is passing when you ...
      (Security-Basics)