Re: Is my home computer at risk knowing that nmap says...

On Mon, 29 May 2006, in the Usenet newsgroup comp.os.linux.security, in article
<slrne7nbb2.76i.ibuprofin@xxxxxxxxxxxxxxxxx>, I wrote:

On the other hand, the output from a nmap gives me a single line... (see
way below in this long appendix...) My feeling is that is a bit strange to
have a single line...

Is that this line?

tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size
96 bytes
05:34:51.800847 IP (tos 0x0, ttl 52, id 41968, offset 0, flags [none],
length: 28) 192.168.39.199 > 64.6.196.207: icmp 8: echo request seq
36887

Your system sent a ping (ICMP Type 8 Code 0) out, and nothing came back.

It dawns on me - I looked at port 80 - what do the other ports look like?

13 POS7-0.WANB-MTRLPQ.IP.GROUPTELECOM.NET (66.59.191.177) 239.811 ms
219.398 ms 229.750 ms
14 216.18.72.154 (216.18.72.154) 229.697 ms 239.395 ms 229.718 ms
15 h216-18-114-42.gtconnect.net (216.18.114.42) 229.773 ms 239.443 ms
229.752 ms
16 h66-201-197-6.gtcust.grouptelecom.net (66.201.197.6) 239.709 ms
239.400 ms 229.722 ms
17 * * *

Now, I happen to know from another test that hop 17 for me is the
destination. Bingo - your firewall rules are set to 'stealth mode'
(which in iptables is 'DROP' or in IPCHAINS is 'DENY'). You won't see a
reply from this host unless you look at an open port. Thus, the
symptom you see above (no ICMP output when using nmap) is correct.
This host won't send a FOAD packet - it just ignores things.

OK - nothing wrong with your host - now find out what it is that nmap
is seeing. My guess is that it is something funny set up on the NAT
box at the ISP in Thailand.

Hmmm, now that is _two_ virtual Molsons (or Singha's - I like them too)
that you owe me ;-)

Old guy
.

Relevant Pages

  • Re: Port 80 open without WebServer
    ... listening in port 80. ... are not private IPs so you could be scanning a host outside your net. ... > with nessus and nmap. ... I ran the same command of the ...
    (Security-Basics)
  • =?iso-8859-1?Q?Re:_Portscanner_f=FCr_Port_5800_und_5900_gesucht?=
    ... Bei folgendem Befehl erhalte ich folgende Meldung: ... PORT STATE SERVICE ... Nmap done: 1 IP address (1 host up) scanned in 0.534 seconds ...
    (microsoft.public.de.windows.vista.netzwerk)
  • Re: Port 80 open without WebServer
    ... >Host A: ... >with nessus and nmap. ... >- In iptables has not redirect to port 80. ... >pen testing experience in our state of the art hacking lab. ...
    (Security-Basics)
  • Re: Port 80 open without WebServer
    ... Router ADSL - does the connection of the host A with ... with nessus and nmap. ... In iptables has not redirect to port 80. ...
    (Security-Basics)
  • Re: A firewall wont stop this one
    ... On top of that I implement IPF on each host ... >> for further access control to limit NFS, ... By restricting access to the NFS server. ... >> via port filtering that only allowed specific hosts rather than all. ...
    (alt.computer.security)