Nmap Development mailing list archives
Anyone have an idea which might have triggered this?
From: "Kurt Buff - GSEC, GCIH" <kurt.buff () gmail com>
Date: Thu, 15 Aug 2019 13:18:55 -0700
I was running zenmap against a /24 (excluding my own IP address) doing the slow comprehensive scan, and it completed successfully around 22:00 Pacific last night. I left the machine running, and just now (12:40 Pacific) I got an alert from Carbon Black on this machine:

12:40:36 pm Aug 15, 2019
nmap.exe (Run as US-IT-LOANERL2\Admin)
The application C:\Program Files (x86)\Nmap\nmap.exe established a UDP/65495 connection to 187.1.0.0:65495 (187.1.0.0, located in Itaberaba 05, Brazil) from 128.18.255.255:516. The device was on the corporate network using the public address xx.yy.zz.aa (128.18.255.255, located in Redmond WA, United States). The operation was successful.

The public address "xx.yy.zz.aa" doesn't match the 128.18.255.255 address - I have no idea where that came from.

The only apps running on this machine were Chrome and nmap/zenmap. It's a Win10 box.

Would this be nmap checking for updates, or something else known to nmap experts?

Is there any way to trace or determine what nmap might have been doing during this event?

Thanks,
Kurt

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/