Security Basics mailing list archives
Re: ghostly mail ports
From: "GSimmonds" <gsimmonds () primus ca>
Date: Sat, 11 Jan 2003 17:15:41 -0500
----- Original Message ----- From: "joe" <joseph.beard () btopenworld com> To: <security-basics () securityfocus com> Sent: Tuesday, January 07, 2003 7:45 PM Subject: ghostly mail ports
192.168.0.1 Responded in 0 ms. 0 hops away Responds with ICMP unreachable: No TCP ports: 25 110 135 139 445 --------------------------------------------------------------------------
--
- Scan finished at Wed Jan 08 00:37:09 2003 1 IP and 1000 ports scanned in 0 hours 0 mins 18.16 secs but in netstat, activeports, fport they dont! does anybody know where they have come from? i googled for ages but dont seem to be getting anywhere.
I'm curious about the discrepancy between the scanner and the port monitor outputs. First thing I would do, if you're scanning from another machine, is double check your IP address. If you're scanning from your machine, replace 192.168.0.1 with 127.0.0.1 and see what that shows. You're correct in saying that an open port requires a process behind it. Maybe you read this article already, might give you some ideas. 2. Windows Forensics: A Case Study, Part One by Stephen Barish http://online.securityfocus.com/infocus/1653 Of course, sans.org will also have some good walkthroughs. Regards, Gary
Current thread:
- ghostly mail ports joe (Jan 09)
- Re: ghostly mail ports Brian Bruns (Jan 10)
- Re: ghostly mail ports KEvin (Jan 10)
- RE: ghostly mail ports David Gillett (Jan 10)
- RE: ghostly mail ports Brian Bruns (Jan 10)
- Re: ghostly mail ports Florian Hobelsberger / BlueScreen (Jan 10)
- Re: ghostly mail ports adam (Jan 11)
- Re: ghostly mail ports John Jasen (Jan 11)
- Re: ghostly mail ports Don Voss (Jan 11)
- Re: ghostly mail ports GSimmonds (Jan 14)
- <Possible follow-ups>
- RE: ghostly mail ports Security Newsletters-TM (Jan 10)
- Re: ghostly mail ports joe (Jan 10)
- Re: ghostly mail ports Brian Bruns (Jan 13)