nmap inconsistent results - via intermedite router?



I have the situation where I have 2 linux machines. Both are sarge and
both have nmap 3.81. One machine is on my home network, the other on
the internet.

When I run an nmap from my home machine to the internet machine, it
reports the 5190 (aol) port as open amongst the usual ssh etc. If I run
nmap from the internet machine itself (on its IP address, not loopback
etc), it does not have 5190 as open!

Having looked into this as much as I can, I think that nmap is picking
up a port from the home firewall (a DG834G, which is reported as having
this port specifically left open - amongst others).

But why does an outgoing request, targetted at a remote server then
come back with information from another source? How can I test the
server remotely if it doesn't bring back the right details?

Anyone any ideas? Apologies if this is not sufficient info. I need to
sleep and thought someone might be able to answer off the top of their
head.

Cheers,
ads

.



Relevant Pages

  • Re: Random unprivileged TCP ports below 5000 kind-of open for a fraction of a second
    ... When Nmap (or many ... > other applications, such as Telnet) does a connectcall, the OS is ... > supposed to choose a good souce port to bind to for the connection. ... I saw a familiar "Connection reset by peer" every time the random port ...
    (Incidents)
  • Re: Yes, trying to hack a remote control
    ... I attempted a telnet into that port, and it asked for a username/pass, ... and then upload a modified firmware to the remote. ... The latest versions of nmap have a feature whereby you can run scans ...
    (Security-Basics)
  • Re: how nmap can know my firewalled servers ?
    ... UDP or ICMP protocol), it will mark the port as closed. ... descrition, how NMAP determins, if the UDP port is open or closed. ... Try Webroot's Spy Sweeper Enterprisefor 30 days for FREE with no ...
    (Security-Basics)
  • Re: FW: baby pen-test question
    ... I ALWAYS do an nmap sweep of varying degrees. ... As for testing a large network, I primarily base my efforts on the mission ... My first question is about port scanning. ... This list is provided by the SecurityFocus Security Intelligence Alert ...
    (Pen-Test)
  • Re: Help understanding NMAP results
    ... >to do with IT) but I have been playing with old computers and Linux in my ... and is set to default DROP any packets ... Went over to a friend's house, and ran an NMAP scan against myself ... You could listen on that port and see what traffic is passing when you ...
    (Security-Basics)