RE: NMAP scan

From: Jef Feltman (feltman@pacbell.net)
Date: 09/20/02


Date: Thu, 19 Sep 2002 16:30:06 -0700
From: Jef Feltman <feltman@pacbell.net>
To: security-basics@securityfocus.com

It is UDP traffic; I have never seen FTP traffic work on UDP, only TCP.

How do you know NMAP is doing this?

jef

-----Original Message-----
From: Mel [mailto:rockchick@totalise.co.uk]
Sent: Monday, September 16, 2002 3:43 AM
To: security-basics@securityfocus.com
Subject: NMAP scan

Hi

Can anyone tell me what particular vulnerability this NMAP scan is probing
for?

UDP_43555-20
[**] Snort Unmatched [**]
08/22-18:09:52.732955 161.73.38.103:45552 -> 192.168.1.20:20
UDP TTL:54 TOS:0x0 ID:32141 IpLen:20 DgmLen:328
Len: 308
67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 gggggggggggggggg
67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 gggggggggggggggg
67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 gggggggggggggggg
67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 gggggggggggggggg
67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 gggggggggggggggg
67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 gggggggggggggggg
67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 gggggggggggggggg
67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 gggggggggggggggg
67 67 67 67 67 67 67 67 67 67 67 67 gggggggggggg

I can see that it's some kind of FTP exploit from the destination source
port number, but otherwise I can find no further information on it, and
Google searches have returned nothing.

Thanks in advance
Melanie
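
A triage sketch for the Snort record discussed in this thread, added here as an example and not written by either poster: it parses the text record, checks that the header lengths agree, and reports the transport and the payload fill. The helper name `triage`, the shortened sample dump, and the reading of `Len` as the UDP length field including its 8-byte header (the reading under which IpLen + Len equals DgmLen in this record) are assumptions.

```python
import re

# Constructed sample: the record quoted in the thread, hex dump cut to two rows.
ALERT = """\
08/22-18:09:52.732955 161.73.38.103:45552 -> 192.168.1.20:20
UDP TTL:54 TOS:0x0 ID:32141 IpLen:20 DgmLen:328
Len: 308
67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 67 gggggggggggggggg
67 67 67 67 67 67 67 67 67 67 67 67 gggggggggggg
"""

UDP_HEADER_LEN = 8
FTP_PORTS = {20, 21}  # FTP data and control ports, both defined over TCP


def triage(alert):
    """Summarise one Snort text record (hypothetical helper, not a Snort API)."""
    lines = alert.strip().splitlines()
    src, sport, dst, dport = re.search(
        r"(\S+):(\d+) -> (\S+):(\d+)", lines[0]).groups()
    proto = lines[1].split()[0]
    # Collect the "Name:value" header fields from the second and third lines.
    hdr = dict(re.findall(r"(\w+):\s*(\w+)", " ".join(lines[1:3])))

    # Keep only the leading hex byte columns of each dump row, not the ASCII.
    payload = bytearray()
    for row in lines[3:]:
        for tok in row.split()[:16]:
            if not re.fullmatch(r"[0-9A-Fa-f]{2}", tok):
                break
            payload.append(int(tok, 16))

    return {
        "proto": proto,
        "dst_port": int(dport),
        # Assumption: Len is the UDP length field, header included.
        "lengths_consistent":
            int(hdr["DgmLen"]) == int(hdr["IpLen"]) + int(hdr["Len"]),
        "udp_payload_len": int(hdr["Len"]) - UDP_HEADER_LEN,
        "dumped_bytes": len(payload),
        "single_fill_byte": chr(payload[0]) if len(set(payload)) == 1 else None,
        # A port-20/21 match only suggests FTP when the transport is TCP.
        "could_be_ftp": proto == "TCP" and int(dport) in FTP_PORTS,
    }


if __name__ == "__main__":
    for key, value in triage(ALERT).items():
        print(f"{key}: {value}")
```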


