Re: Very strange nmap scan results
- From: "Hans-J. Ullrich" <hans.ullrich@xxxxxxx>
- Date: Sat, 22 Sep 2007 16:11:54 +0200
On Friday 21 September 2007, Juan B wrote:
Hi all,
For a client, I'm scanning his DMZ from the internet.
I know the servers are behind a PIX 515 without any
added security features (they don't have any IPS, or
they didn't enable the IPS feature of the PIX). They also
don't have any honeypot etc.
The strange thing is that I receive too many open
ports!
For example, I scan the mail relay and although just
port 25 is open it reports lots more open ports!
This is the nmap scan I issued:
nmap -sT -vv -P0 -O -p1-1024 200.61.44.48/28 -oA cpsa.txt
(I changed the IPs here...)
and the results for the mail relay, for example, are:
Interesting ports on mail.cpsa.com (200.61.44.50):
PORT STATE SERVICE
1/tcp open tcpmux
2/tcp open compressnet
3/tcp open compressnet
4/tcp open unknown
5/tcp open rje
6/tcp open unknown
7/tcp open echo
8/tcp filtered unknown
9/tcp open discard
10/tcp open unknown
11/tcp open systat
12/tcp open unknown
13/tcp open daytime
14/tcp open unknown
15/tcp open netstat
16/tcp open unknown
17/tcp open qotd
18/tcp filtered msp
19/tcp open chargen
20/tcp open ftp-data
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
24/tcp open priv-mail
25/tcp open smtp
26/tcp open unknown
27/tcp open nsw-fe
28/tcp open unknown
29/tcp open msg-icp
30/tcp open unknown
31/tcp open msg-auth
32/tcp open unknown
33/tcp open dsp
34/tcp open unknown
this continues up to port 1024..
any ideas how to eliminate so many false positives?
thanks a lot,
Juan
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
Hi Juan!
Yes, this happens when there is a "firewall" running. I have portsentry
running, and when I do a portscan, it seems every port is available.
Indeed, they are not! And if someone is scanning me, portsentry has already
detected it and is executing the preconfigured task (i.e. logging,
disconnecting, putting the IP into /etc/hosts.deny or whatever I told it).
Best regards
Hans
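
A triage check for results like the ones in this thread, as an added example that is not part of either message: it parses nmap's normal output and flags hosts where nearly every scanned port reports open, so those results are verified before they go into a report. The sample output, the second host and the thresholds (`min_ports`, `open_ratio`) are constructed assumptions.

```python
import re

# Constructed sample in nmap's normal-output format; second host is for contrast.
SAMPLE = """\
Interesting ports on mail.cpsa.com (200.61.44.50):
PORT STATE SERVICE
1/tcp open tcpmux
2/tcp open compressnet
3/tcp open compressnet
7/tcp open echo
8/tcp filtered unknown
25/tcp open smtp
Interesting ports on www.example.test (192.0.2.10):
PORT STATE SERVICE
22/tcp closed ssh
25/tcp closed smtp
80/tcp open http
443/tcp open https
110/tcp filtered pop3
"""

HOST_RE = re.compile(r"^Interesting ports on (?:(\S+) )?\(?([0-9.]+)\)?:")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

def parse(text):
    """Return {host_ip: {state: [ports]}} from nmap normal output."""
    hosts, current = {}, None
    for line in text.splitlines():
        m = HOST_RE.match(line.strip())
        if m:
            current = hosts.setdefault(m.group(2), {})
            continue
        m = PORT_RE.match(line.strip())
        if m and current is not None:
            current.setdefault(m.group(3), []).append(int(m.group(1)))
    return hosts

def suspicious_hosts(hosts, min_ports=5, open_ratio=0.8):
    """Hosts where almost every reported port is 'open': treat as unverified."""
    flagged = {}
    for ip, states in hosts.items():
        total = sum(len(p) for p in states.values())
        n_open = len(states.get("open", []))
        if total >= min_ports and n_open / total >= open_ratio:
            flagged[ip] = (n_open, total)  # (open ports, ports reported)
    return flagged

if __name__ == "__main__":
    print(suspicious_hosts(parse(SAMPLE)))
```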