Security Basics mailing list archives
Re: Very strange nmap scan results
From: Steven Hollingsworth <steven () aznc com>
Date: Fri, 21 Sep 2007 09:13:00 -0700
On Thu, Sep 20, 2007 at 07:18:04PM -0700, Juan B wrote:
> Hi all,
>
> For a client I'm scanning his DMZ from the internet.
> [snip]
> nmap -sT -vv -P0 -O -p1-1024 200.61.44.48/28 -oA cpsa.txt
> (I changed the IPs here...)
>
> and the results for the mail relay, for example, are:
>
> Interesting ports on mail.cpsa.com (200.61.44.50):
> PORT STATE SERVICE
> [snip]
> 31/tcp open msg-auth
> 32/tcp open unknown
> 33/tcp open dsp
> 34/tcp open unknown
>
> This continues up to port 1024. Any ideas how to eliminate so many false positives?
Juan,

Look at a program called firewalk [0].

I believe the results of the nmap scan you did are common to firewall/gateway devices due to behavior in the TCP/IP stack [1]. I believe it may also have to do with what type of scan you're doing [2].

HTH,
~ stevo

[0] - http://www.packetfactory.net/firewalk/firewalk-final.pdf
[1] - http://en.wikipedia.org/wiki/Port_scanner
[2] - man 1 nmap
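A triage heuristic for output like that quoted above, as an added example that is not part of the original post: it parses nmap's normal-format port table and flags hosts whose open TCP ports form one long consecutive run, a pattern consistent with the firewall/gateway behaviour the reply suggests rather than with real listeners. The function names, the `min_run` threshold and the sample report (documentation addresses) are assumptions constructed for illustration.

```python
import re

HOST_RE = re.compile(r"^(?:Interesting ports on|Nmap scan report for) (.+?):?$")
PORT_RE = re.compile(r"^(\d+)/tcp\s+(\S+)")

def build_sample_report():
    """Constructed sample in nmap's normal output style (not real scan data)."""
    lines = ["Interesting ports on mail.example.test (192.0.2.50):",
             "PORT     STATE SERVICE"]
    lines += [f"{p}/tcp open  unknown" for p in range(1, 1025)]
    lines += ["", "Interesting ports on www.example.test (192.0.2.51):",
              "PORT     STATE SERVICE",
              "25/tcp   closed smtp", "80/tcp   open  http", "443/tcp  open  https"]
    return "\n".join(lines)

def parse_open_ports(report):
    """Return {host: sorted list of TCP ports reported as open}."""
    hosts, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        host = HOST_RE.match(line)
        if host:
            current = host.group(1)
            hosts[current] = set()
            continue
        port = PORT_RE.match(line)
        if port and current is not None and port.group(2) == "open":
            hosts[current].add(int(port.group(1)))
    return {h: sorted(p) for h, p in hosts.items()}

def longest_run(ports):
    """Return (first_port, length) of the longest run of consecutive ports."""
    best, start, prev = (None, 0), None, None
    for p in ports:
        if prev is None or p != prev + 1:
            start = p  # a gap starts a new run
        prev = p
        if p - start + 1 > best[1]:
            best = (start, p - start + 1)
    return best

def flag_suspect_hosts(report, min_run=50):
    """Hosts whose open ports include a consecutive run of at least min_run."""
    flagged = {}
    for host, ports in parse_open_ports(report).items():
        first, length = longest_run(ports)
        if length >= min_run:
            flagged[host] = (first, first + length - 1)
    return flagged

if __name__ == "__main__":
    for host, (lo, hi) in flag_suspect_hosts(build_sample_report()).items():
        print(f"{host}: ports {lo}-{hi} all open; verify before reporting")
```

Flagged hosts are candidates for re-checking with a different scan type or with service banners before any port is reported as a finding.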