Re: Very strange nmap scan results

Yes I did.

for example fort 25 and its opened.

--- Brian Laing <brian@xxxxxxxxxxx> wrote:

Also have you tried to telnet into some of these
ports to verify they
are or are not listening?

Brian Laing
Chief Security Officer
Cellphone: +1 650.280.2389
Office: +1 (888) 845-8169 Ext. 805
Email: brian@xxxxxxxxxxx

Redseal Systems ?

Instant Visibility. Threats Averted.


On Sep 20, 2007, at 9:22 PM, infos3c@xxxxxxxxx

Hi Juan,

Here you have used TCP connect scan [nmap -sT].Are
you getting same
list of open ports for Syn scan [nmap -sS] also?

if you are getting the same ports for Syn scan
then put a sniffer
to see whether you are receiving SynAck from the
IP you are
scanning. If there are no replies coming the
problem is local o
your machine from where you are doing scanning.
However if there
are replies (SynAck) coming, then you know some
one is responding
to your scanning.

At the end of this if you conclude that the host
being scanned
(PIX) is really replying for all these connection
attempts then you
can try "Firewalking" on random ports to pass
through the

Hope this helps

Check out the hottest 2008 models today at Yahoo! Autos.

Relevant Pages

  • Re: Starting iptables
    ... it is not clear that you need a firewall at all. ... just don't open any ports. ... "netstat -putl" will let you find out what listening ports are open. ... mysql is listening on tcp port 3306. ...
  • Re: UPHClean log question
    ... A quick check to see which ports the computer is listening on is to run ... > Windows Firewall saying that the application svchost.exe has been blocked ... > extract from UPHClean might indicating a specific problem that should be ...
  • Re: UDP Ports, closing Win2K Server (No IIS)
    ... What's listening on UDP 995? ... The worm spreads via email but some antivirus vendors report ... against using IPSec as a firewall, and blocking just one or two ports here ...
  • Re: Win2k Netstat sockets interpretation
    ... I have deleted "file and print sharing" under "internet connections and disbled most recognizable "remote access" services under 'services.msc' but ZA detects a few remote access modules running and gives them permission if select "OK" to the suggested query. ... notice randomly ports assigned to urls or ip addresss. ... 'netstat' on Win2K provides a view on the state of the *TDI interface*, ... something appearing as listening means "an outstanding request to ...
  • Re: Many Connections from each Web Client
    ... In case inetinfo.exe is listening on random ports, have you enabled FTP ... Microsoft Online Community Support ...