Security Basics mailing list archives
Re: Very strange nmap scan results
From: Juan B <juanbabi () yahoo com>
Date: Fri, 21 Sep 2007 10:14:28 -0700 (PDT)
Yes I did. for example fort 25 and its opened. Juan --- Brian Laing <brian () redseal net> wrote:
Also have you tried to telnet into some of these ports to verify they are or are not listening?
--------------------------------------------------------------------
Brian Laing Chief Security Officer Cellphone: +1 650.280.2389 Office: +1 (888) 845-8169 Ext. 805 Email: brian () redseal net Redseal Systems http://www.redseal.net Instant Visibility. Threats Averted.
-------------------------------------------------------------------
On Sep 20, 2007, at 9:22 PM, infos3c () gmail com wrote:Hi Juan, Here you have used TCP connect scan [nmap -sT].Areyou getting samelist of open ports for Syn scan [nmap -sS] also? if you are getting the same ports for Syn scanthen put a snifferto see whether you are receiving SynAck from theIP you arescanning. If there are no replies coming theproblem is local oyour machine from where you are doing scanning.However if thereare replies (SynAck) coming, then you know someone is respondingto your scanning. At the end of this if you conclude that the hostbeing scanned(PIX) is really replying for all these connectionattempts then youcan try "Firewalking" on random ports to passthrough thefirewall..... Hope this helps
____________________________________________________________________________________ Check out the hottest 2008 models today at Yahoo! Autos. http://autos.yahoo.com/new_cars.html
Current thread:
- Very strange nmap scan results Juan B (Sep 20)
- Re: Very strange nmap scan results Steven Hollingsworth (Sep 21)
- <Possible follow-ups>
- Re: Very strange nmap scan results infos3c (Sep 21)
- Re: Very strange nmap scan results Brian Laing (Sep 21)
- Re: Very strange nmap scan results Juan B (Sep 21)
- Re: Very strange nmap scan results Brian Laing (Sep 21)
- Re: Very strange nmap scan results Brian Laing (Sep 21)