Security Basics mailing list archives
Re: Help understanding NMAP results
From: Nikolai Alexandrov <voyager123bg () gmail com>
Date: Tue, 12 Jul 2005 00:36:01 +0300
Theodore Wynnychenko wrote:
Try chkrootkit... is it possible the machine to be compromised? Do you have any active connections from that port? What does the "netstat -na" says? you are likely to find your port... Yet, if that is used only for firewall... there shouldn't be even single port open.So, while looking around, I came across NMAP, and decided to use it to scan myself. Went over to a friend's house, and ran an NMAP scan against myself (nmap -sS -v -P0 -O xx.xx.xx.xx), and it says "Discovered open port 5190/tcp".
Now, this really confuses me. When I scan myself using "online" scanners (directed specifically at 5190), I get back that packets were dropped/"stealthed," but NMAP says its open. I added a specific rule (in addition to the default drop policy) to drop anything to tcp 5190, but this made no difference. The "online" scanners still say nothing there, NMAP still says its open.
The -P0 does: Do not try to ping hosts at all before scanning them. This allows the scanning of networks that don't allow ICMP echo requests (or responses) through their firewall. It is only useful if your firewall doesn't return ICMP's :)
Nmap gets information for OS from various flags of returned tcp packets... google "OS fingerprinting" for more info.NMAPs OS identification gives me several possibilities including "Linux 2.4.x|2.5.x," so NMAP does seem to be getting some imformation from the firewall.
TCP 5190 is apparently related to AOL IM, but this is not something I have ever used, and I can't think of any reason why the LEAF Firewall would have it open.
Not necessarily related. It could be anything...
What am I missing? Thanks in advance for any help. bye - ted
Current thread:
- Help understanding NMAP results Theodore Wynnychenko (Jul 11)
- Re: Help understanding NMAP results Nikolai Alexandrov (Jul 12)
- Re: Help understanding NMAP results Emmanuel Goldstein (Jul 12)
- Re: Help understanding NMAP results forums () kentane net (Jul 12)
- Re: Help understanding NMAP results cygnuz1979 (Jul 12)
- Re: Help understanding NMAP results Sander (Jul 26)
- <Possible follow-ups>
- Re: Help understanding NMAP results mike king (Jul 12)