Nmap Announce mailing list archives
Re: nmap or a rat in the set
From: Lamont Granquist <lamontg () raven genome washington edu>
Date: Mon, 15 Feb 1999 18:37:56 -0800
On Tue, 16 Feb 1999, KHOO Guan Chen wrote:
When I tcp scan one port I find that my syslog will report connection refused from 4 ports. For example:- [root@daisy]# nmap -sF -p12345 localhost Starting nmap V. 2.07 by Fyodor (fyodor () dhp com, www.insecure.org/nmap/) No ports open for host localhost (127.0.0.1) Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds [root@daisy]# tail /var/log/messages <snip> Feb 15 14:28:00 daisy kernel: sec: TCP connection rejected from 127.0.0.1, port 80
This is the port 80 ACK 'ping' scan that nmap does. Look at the -PI, -PT and -PB options.
Feb 15 14:28:00 daisy kernel: sec: TCP connection rejected from 127.0.0.1, port 45549
I'm not sure what this is. If your kernel generates a RST for the port 80 packet instead of dropping it, it might be this reply, but i don't see why that wouldn't have caused another reply and a little TCP loopback storm...
Feb 15 14:28:00 daisy kernel: sec: TCP connection rejected from 127.0.0.1, port 12345
This is the actual scan packet.
Feb 15 14:28:00 daisy kernel: sec: TCP connection rejected from 127.0.0.1, port 45529
And this looks like another bounce, or something...
It does not matter which port I specify, I will always get a reject for port 80 also. UDP scan also produced funny results.
[...snip...]
Doesn't matter what port I specify. I will get connection rejected from port 80. Can someone be kind enough to straighten me out?
use -PI if you don't want port 80 hits. the port 80 ACK scan is to get by firewalls and packet filters that drop ICMP. -- Lamont Granquist lamontg () raven genome washington edu Dept. of Molecular Biotechnology (206)616-5735 fax: (206)685-7344 Box 352145 / University of Washington / Seattle, WA 98195 PGP pubkey: finger lamontg () raven genome washington edu | pgp -fka
Current thread:
- nmap or a rat in the set KHOO Guan Chen (Feb 15)
- Re: nmap or a rat in the set Lamont Granquist (Feb 15)