Security Basics mailing list archives
RE: help interpreting the nmap output
From: "Harshul Nayak" <harshul.nayak () patni com>
Date: Fri, 17 Dec 2004 09:46:09 +0530
Hello Ivan, what ever results u got were as per the nmap's expected behaviour.. why not try tools like superscan or nessus .. who use banner grabbing techniques to recognise applications. -regs Harshul -----Original Message----- From: Ivan Fratric [mailto:hacky_2001 () hotmail com] Sent: Wednesday, December 15, 2004 12:13 AM To: security-basics () securityfocus com Subject: help interpreting the nmap output Hi, I'm running nmap on Windows XP. Normally, it works fine (when I use it to scan a computer for which I know what services it's running) and returns detailed info on the services installed. However, I tried to run it on a web server on the Internet and I have trouble getting all the info. Using -A -T4 options on a server and I receive the following reply (The 1441 ports scanned but not shown below are in state: filtered) PORT STATE SERVICE VERSION 5/tcp closed rje 14/tcp closed unknown 21/tcp open ftp? 22/tcp closed ssh 23/tcp open telnet? 26/tcp closed unknown 44/tcp closed mpm-flags 53/tcp closed domain 61/tcp closed ni-mail 63/tcp closed via-ftp 66/tcp closed sql*net 79/tcp closed finger 80/tcp open http? 93/tcp closed dcp 107/tcp closed rtelnet 113/tcp closed auth 131/tcp closed cisco-tna 143/tcp closed imap 144/tcp closed news 166/tcp closed s-net 168/tcp closed rsvd 169/tcp closed send 176/tcp closed genrad-mux 177/tcp closed xdmcp 179/tcp closed bgp 188/tcp closed mumps 194/tcp closed irc 199/tcp closed smux 200/tcp closed src 204/tcp closed at-echo 207/tcp closed at-7 209/tcp closed tam 210/tcp closed z39.50 220/tcp closed imap3 222/tcp closed rsh-spx 225/tcp closed unknown 227/tcp closed unknown 228/tcp closed unknown 234/tcp closed unknown 245/tcp closed link 256/tcp closed FW1-secureremote 260/tcp closed openport 265/tcp closed maybeFW1 272/tcp closed unknown 276/tcp closed unknown 277/tcp closed unknown 279/tcp closed unknown 281/tcp closed personal-link 307/tcp closed unknown 308/tcp closed novastorbakcup 320/tcp closed unknown 321/tcp closed pip 325/tcp closed unknown 332/tcp closed unknown 348/tcp closed csi-sgwp 355/tcp closed datex-asn 359/tcp closed tenebris_nts 360/tcp closed scoi2odialog 364/tcp closed aurora-cmgr 389/tcp closed ldap 404/tcp closed nced 411/tcp closed rmt 418/tcp closed hyper-g 423/tcp closed opc-job-start 426/tcp closed smartsdp 434/tcp closed mobileip-agent 436/tcp closed dna-cml 437/tcp closed comscm 442/tcp closed cvc_hostd 443/tcp open https? 449/tcp closed as-servermap 472/tcp closed ljk-login 487/tcp closed saft 496/tcp closed pim-rp-disc 504/tcp closed citadel 506/tcp closed ohimsrv 509/tcp closed snare 524/tcp closed ncp 533/tcp closed netwall 537/tcp closed nmsp 547/tcp closed dhcpv6-server 554/tcp closed rtsp 560/tcp closed rmonitor 575/tcp closed vemmi 578/tcp closed ipdd 582/tcp closed scc-security 586/tcp closed password-chg 601/tcp closed unknown 612/tcp closed unknown 623/tcp closed unknown 626/tcp closed unknown 630/tcp closed unknown 635/tcp closed unknown 636/tcp closed ldapssl 638/tcp closed unknown 644/tcp closed unknown 659/tcp closed unknown 675/tcp closed unknown 677/tcp closed unknown 678/tcp closed unknown 686/tcp closed unknown 688/tcp closed unknown 714/tcp closed unknown 716/tcp closed unknown 721/tcp closed unknown 724/tcp closed unknown 725/tcp closed unknown 729/tcp closed netviewdm1 743/tcp closed unknown 766/tcp closed unknown 781/tcp closed hp-collector 790/tcp closed unknown 793/tcp closed unknown 795/tcp closed unknown 803/tcp closed unknown 805/tcp closed unknown 819/tcp closed unknown 844/tcp closed unknown 847/tcp closed unknown 848/tcp closed unknown 852/tcp closed unknown 857/tcp closed unknown 884/tcp closed unknown 888/tcp closed accessbuilder 901/tcp closed samba-swat 904/tcp closed unknown 914/tcp closed unknown 933/tcp closed unknown 949/tcp closed unknown 950/tcp closed oftep-rpc 976/tcp closed unknown 984/tcp closed unknown 985/tcp closed unknown 993/tcp closed imaps 995/tcp closed pop3s 999/tcp closed garcon 1006/tcp closed unknown 1009/tcp closed unknown 1011/tcp closed unknown 1013/tcp closed unknown 1017/tcp closed unknown 1040/tcp closed netsaint 1068/tcp closed instl_bootc 1084/tcp closed ansoft-lm-2 1347/tcp closed bbn-mmc 1352/tcp closed lotusnotes 1370/tcp closed us-gv 1374/tcp closed molly 1376/tcp closed ibm-pps 1400/tcp closed cadkey-tablet 1402/tcp closed prm-sm-np 1410/tcp closed hiq 1415/tcp closed dbstar 1419/tcp closed timbuktu-srv3 1420/tcp closed timbuktu-srv4 1445/tcp closed proxima-lm 1450/tcp closed dwf 1457/tcp closed valisys-lm 1459/tcp closed proshare1 1460/tcp closed proshare2 1481/tcp closed airs 1483/tcp closed afs 1484/tcp closed confluent 1494/tcp closed citrix-ica 1496/tcp closed liberty-lm 1499/tcp closed fhc 1513/tcp closed fujitsu-dtc 1516/tcp closed vpad 1527/tcp closed tlisrv 1534/tcp closed micromuse-lm 1535/tcp closed ampr-info 1542/tcp closed gridgen-elmd 1552/tcp closed pciarray 1662/tcp closed netview-aix-2 1665/tcp closed netview-aix-5 1672/tcp closed netview-aix-12 1680/tcp closed CarbonCopy 1720/tcp closed H.323/Q.931 1723/tcp closed pptp 1755/tcp closed wms 1986/tcp closed licensedaemon 1988/tcp closed tr-rsrb-p2 1993/tcp closed snmp-tcp-port 1997/tcp closed gdp-port 2003/tcp closed cfingerd 2008/tcp closed conf 2042/tcp closed isis 2046/tcp closed sdfunc 2047/tcp closed dls 2401/tcp closed cvspserver 2603/tcp closed ripngd 2784/tcp closed www-dev 3000/tcp closed ppp 3389/tcp closed ms-term-serv 4333/tcp closed msql 4672/tcp closed rfa 4998/tcp closed maybeveritas 5010/tcp closed telelpathstart 5145/tcp closed rmonitor_secure 5191/tcp closed aol-1 5232/tcp closed sgi-dgl 5236/tcp closed padl2sim 5405/tcp closed pcduo 5530/tcp closed sdserv 5680/tcp closed canna 6003/tcp closed X11:3 6105/tcp closed isdninfo 6111/tcp closed spc 6141/tcp closed meta-corp 6142/tcp closed aspentec-lm 6588/tcp closed analogx 7007/tcp closed afs3-bos 8007/tcp closed ajp12 8892/tcp closed seosload 13701/tcp closed VeritasNetbackup 13717/tcp closed VeritasNetbackup 19150/tcp closed gkrellmd 22289/tcp closed wnn6_Cn 31337/tcp closed Elite 32773/tcp closed sometimes-rpc9 32786/tcp closed sometimes-rpc25 65301/tcp closed pcanywhere Too many fingerprints match this host to give specific OS details So, why the question marks next to the open protocols? Next I tried connecting to the telnet and ftp, but I get disconnected straight away. So I tried to get more info on the http and https by calling nmap with -sV -p 80 or -sV -p 443 options. Since it's a web server it is certainly running those services. I get something like 80/tcp open Apache httpd Anyway, no sign of the Apache version. So, how can I find out what version of the Apache a server is running? What is the best way to proceed from here? TIA _________________________________________________________________ Don't just search. Find. Check out the new MSN Search! http://search.msn.com/ http://www.patni.com World-Wide Partnerships. World-Class Solutions. _____________________________________________________________________ This e-mail message may contain proprietary, confidential or legally privileged information for the sole use of the person or entity to whom this message was originally addressed. Any review, e-transmission dissemination or other use of or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you have received this e-mail in error kindly delete this e-mail from your records. If it appears that this mail has been forwarded to you without proper authority, please notify us immediately at netadmin () patni com and delete this mail. _____________________________________________________________________
Current thread:
- help interpreting the nmap output Ivan Fratric (Dec 14)
- RE: help interpreting the nmap output Harshul Nayak (Dec 17)
- <Possible follow-ups>
- Re: help interpreting the nmap output miguel . dilaj (Dec 15)
- Re: help interpreting the nmap output Corey LeBleu (Dec 16)
- Re: help interpreting the nmap output Corey LeBleu (Dec 16)
- Re: help interpreting the nmap output Corey LeBleu (Dec 16)
- Re: help interpreting the nmap output miguel . dilaj (Dec 17)