Penetration Testing mailing list archives
RE: Very strange nmap scan results
From: "Rodrigo Dutra Salvalagio" <rsalvalagio () timbrasil com br>
Date: Mon, 24 Sep 2007 14:57:36 -0300
Hello Juan, This Pix will do that... You can reduce this false positive using -sV, this tell nmap to get Version number, from running services. Regards, Salvalagio -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Juan B Sent: sexta-feira, 21 de setembro de 2007 12:17 To: pen-test () securityfocus com Subject: Very strange nmap scan results
Hi all, For a client in scaning his Dmz from the internet. I know the servers are behind a pix 515 without any add security features ( they dont have any ips or the didnt enabled the ips feature of the pix). they also
dont have any honeypot etc..
the strange is that two I receive too many open ports! for example I scan the mail relay and although just port 25 is open it report lots of more open ports! this is the nmap scan I issued: nmap -sT -vv -P0 -O -p1-1024 200.61.44.48/28 -oA cpsa.txt ( I changed the ip's here...) and the result for the mail relay for example are: nteresting ports on mail.cpsa.com (200.61.44.50): PORT STATE SERVICE 1/tcp open tcpmux 2/tcp open compressnet 3/tcp open compressnet 4/tcp open unknown 5/tcp open rje 6/tcp open unknown 7/tcp open echo 8/tcp filtered unknown 9/tcp open discard 10/tcp open unknown 11/tcp open systat 12/tcp open unknown 13/tcp open daytime 14/tcp open unknown 15/tcp open netstat 16/tcp open unknown 17/tcp open qotd 18/tcp filtered msp 19/tcp open chargen 20/tcp open ftp-data 21/tcp open ftp 22/tcp open ssh 23/tcp open telnet 24/tcp open priv-mail 25/tcp open smtp 26/tcp open unknown 27/tcp open nsw-fe 28/tcp open unknown 29/tcp open msg-icp 30/tcp open unknown 31/tcp open msg-auth 32/tcp open unknown 33/tcp open dsp 34/tcp open unknown this continues up to port 1024.. any ideas how to eliminate so many false positives? thanks a lot, Juan
________________________________________________________________________ ____________
Catch up on fall's hot new shows on Yahoo! TV. Watch previews, get listings, and more! http://tv.yahoo.com/collections/3658
________________________________________________________________________ ____________ Don't let your dream ride pass you by. Make it a reality with Yahoo! Autos. http://autos.yahoo.com/index.html ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------ ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Very strange nmap scan results Juan B (Sep 22)
- Re: Very strange nmap scan results Hans-J. Ullrich (Sep 22)
- Re: Very strange nmap scan results Adrian Sanabria (Sep 24)
- RE: Very strange nmap scan results Mohr, James (Sep 25)
- Re: Very strange nmap scan results Adrian Sanabria (Sep 24)
- RE: Very strange nmap scan results Rodrigo Dutra Salvalagio (Sep 24)
- <Possible follow-ups>
- Re: Very strange nmap scan results jason_jones98 (Sep 25)
- Re: Very strange nmap scan results Hans-J. Ullrich (Sep 22)