Re: nmap inconsistent results - via intermedite router?



Thanks for persisting.

SSH-ing into the remote machine (on the internet), I setup
this...(where source=home machine's internet ip, and dest=remote
machine's ip)

/home/adam# tcpdump -n -i eth0 | grep 5190
tcpdump: verbose output suppressed, use -v or -vv for full protocol
decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
01:46:55.095342 IP source.2226 > dest.5190: S 4260908126:4260908126(0)
win 5808 <mss 1452,sackOK,timestamp 17554350 0,nop,wscale 0>
01:46:55.095396 IP dest.5190 > source.2226: R 0:0(0) ack 4260908127 win
0

On my local machine (behind the netgear router) I did this...
mirror:~# telnet dest 5190
Trying dest...
Connected to dest.
Escape character is '^]'.
Connection closed by foreign host.

I guess this is good - but not sure about the result. I do not have a
firewall on the remote machine.

Regards,
ads




Moe Trin wrote:
On 27 Feb 2006, in the Usenet newsgroup comp.security.firewalls, in article
<1141027610.831687.122560@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>, ads wrote:

I had a look at tcpdump and don't particularly want to understand at
that low level just yet. I'll take a look at it again in a few weeks.

Assuming that it's 5190/tcp that is open, on your local system start
'tcpdump -n -i eth0' (correct the interface as required). Then, simply
issue the command 'telnet remote_host 5190' and look at the tcpdump
output. Who is responding - what address?

I need to move on and for now, I'm happy to trust nmap! - so I'll just
continue to use if from the remote machine rather than try it from my
home machine.

Remember that it _can_ be confused.

netstat has never shown anything listening on 5190.

That's the good news. But what is responding?

Old guy

.



Relevant Pages

  • Re: PPTP VPN Startup Connect
    ... >> be on your machine or on the remote machine. ... >> keep the Internet connection on your machine. ... he is in a different location we had to set up the VPN to share files. ...
    (comp.dcom.vpn)
  • Re: ISA firewall problem?
    ... Information can flow to/from the internet, ... > then in turn flow to/from your LAN, ... My understanding is that if the remote machine is compromised to the ... The point is that in split-tunnel mode, it's automatically capable of transferring information between networks, without any compromise. ...
    (microsoft.public.windows.server.sbs)
  • Re: Sygate Personal Firewall
    ... >Sygate personal firewall is running on the host machine. ... >is that for the remote machine to see the Internet, I have to set Sygate to ... >machine is being used to access the internet. ...
    (comp.security.firewalls)
  • Re: Firewall Configuration Fails
    ... Did you enable Outlook over the Internet in CEICW? ... No the certificate is not installed on my remote machine. ...
    (microsoft.public.windows.server.sbs)
  • Re: PPTP VPN Startup Connect
    ... >Off course you open the vpn connection through the internet. ... You should *only* be able to access the remote machine (and ...
    (comp.dcom.vpn)