Security Basics mailing list archives

Re: Weird TCP 1755 port on freebsd box

From: "Rick Zhong" <isc00801 () nus edu sg>
Date: Tue, 7 Oct 2003 05:18:10 +0800

hi,
thanks for all the replies... i have realized that this weird tcp 1755 port
thing is all due to the firewall (or other settings?)  of my schools'
network where i launch the nmap scanning and telnet.

My server is outside my school's network, therefore when i use my pc (which
is inside my school's firewall) to scan my freebsd box , it shows that the
1755 port is opened on the freebsd box. (i scanned all the 20 machines on
the same IP segment with my server and all shows port 1755 is opened.)  If i
use a machine outside my school's network to scan the freebsd box, there is
no 1755 port and telnet also cannot connect.

Now I am just wondering what kind of firewall/LAN  setting can cause nmap to
get this kind of discrepancy.

regards,
Rick





----- Original Message ----- 
From: "Ranjeet Shetye" <ranjeet.shetye2 () zultys com>
To: "Rick Zhong" <isc00801 () nus edu sg>
Cc: <security-basics () securityfocus com>
Sent: Tuesday, October 07, 2003 4:12 AM
Subject: Re: Weird TCP 1755 port on freebsd box

On Fri, 2003-10-03 at 16:27, Rick Zhong wrote:

hi, all
this is really strange. I detected opened 1755 (wms) port on my freebsd

box.

(i use nmap to scan and also verify it using telnet to the port.)

However i

cannot find  any services which is using this port on my server. (it

seems

all the machine in this IP range opens 1755 port according to nmap,

this

is very weird)

Also i tried to block the incoming traffic to this port by adding (deny

from

any to myaddress 1755 ) to my ipfw rules , but it seems i can still

reach

the port. Meanwhile snort also detects a lot of cyberkit ICMP (Welchia i
believe) packets targeting at port 135 on my server.

Anyone can give me some enlightment on this . thanks.

regards,
Rick


--------------------------------------------------------------------------


--------------------------------------------------------------------------

--


what does netstat -tupan tell you ?
-- 

Ranjeet Shetye
Senior Software Engineer
Zultys Technologies
Ranjeet dot Shetye2 at Zultys dot com
http://www.zultys.com/

The views, opinions, and judgements expressed in this message are solely
those of the author. The message contents have not been reviewed or
approved by Zultys.




---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

RE: Country based IPs, (continued)
- RE: Country based IPs Seyberth Allan R Contr AFRL/VSIO (Oct 02)
- Re: Country based IPs salgak (Oct 02)
- RE: Country based IPs Matthew F. Caldwell (Oct 02)
  - Re: Country based IPs Meritt James (Oct 03)
- RE: Country based IPs James McKiernan (Oct 03)
- RE: Country based IPs Matthew F. Caldwell (Oct 03)
  - Re: Country based IPs Meritt James (Oct 03)
  - Re: Country based IPs Meritt James (Oct 03)
    - Weird TCP 1755 port on freebsd box Rick Zhong (Oct 06)
    - Re: Weird TCP 1755 port on freebsd box Ranjeet Shetye (Oct 06)
    - Re: Weird TCP 1755 port on freebsd box Rick Zhong (Oct 06)
    - Re: Weird TCP 1755 port on freebsd box Jackson Alley (Oct 08)