Security Basics mailing list archives
Re: Interpreting the results of an NMAP scan
From: infolookup () gmail com
Date: Fri, 24 Apr 2009 16:44:13 +0000
Dan, It looks like the might be some port forwarding going on, that's why you are able to see the Exchange server from the outside, in order for you to access outlook web access you need port 443 or 80 depends on your setup, and in order to send or receive email you need port 25 smtp open. As far as seeing the Linksys from the outside there should be a option to drop icmp probes, this will block pings, but if you set the correct scan type via nmap you might still find these ports since the a necessary for functionality. Hope this helped! Sent from my Verizon Wireless BlackBerry -----Original Message----- From: Dan Fauxpoint <danielfauxpoint () yahoo com> Date: Wed, 22 Apr 2009 18:57:55 To: <security-basics () securityfocus com> Subject: Interpreting the results of an NMAP scan Hello, I am helping a small business owner to evaluate the quality of his IT setup. This company has one server which runs Windows Small Business Server 2003 R2 Premium Edition. This server hosts an Exchange instance which takes care of incoming and outgoing emails. I ran an namp scan (nmap -T4 -A -v -PE -PA21,23,80,3389 <IP_address>) from a machine outside of the company network and got the results below. I am wondering why ports 80 and 443 are open since the server does not act as a web server. Also I am wondering if the Linksys router should be visible from the outside world ... If anybody could comment on this and make suggestions on how to improve the security of that setup, I would appreciate it. Cheers, Dan. Not shown: 990 closed ports PORT STATE SERVICE VERSION 25/tcp filtered smtp 80/tcp open http Microsoft IIS |_ html-title: The page cannot be displayed 135/tcp filtered msrpc 139/tcp filtered netbios-ssn 143/tcp open imap Microsoft Exchange Server 2003 imapd 6.5.7638.1 443/tcp open ssl/https? |_ sslv2: server still supports SSLv2 | html-title: Microsoft Outlook Web Access |_ Requested resource was https://<...snipped...> 445/tcp filtered microsoft-ds 993/tcp open ssl/imap Microsoft Exchange Server 2003 imapd 6.5.7638.1 |_ sslv2: server still supports SSLv2 1723/tcp open pptp Microsoft (Firmware: 3790) 8081/tcp open http Linksys router http config (device model BEFSR41/BEFSR11/BEFSRU31) | http-auth: HTTP Service requires authentication |_ Auth type: Basic, realm = Linksys BEFSR41/BEFSR11/BEFSRU31 |_ html-title: 401 Authorization Required ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified Penetration Tester exams, taught by an expert with years of real pen testing experience. http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------
Current thread:
- Interpreting the results of an NMAP scan Dan Fauxpoint (Apr 24)
- RE: Interpreting the results of an NMAP scan Pete.LeMay (Apr 24)
- RE: Interpreting the results of an NMAP scan Andy Belfield (Apr 24)
- Re: Interpreting the results of an NMAP scan Andrew Kuriger (Apr 24)
- Re: Interpreting the results of an NMAP scan Ansgar Wiechers (Apr 24)
- Re: Interpreting the results of an NMAP scan Jon Janego (Apr 24)
- Re: Interpreting the results of an NMAP scan infolookup (Apr 24)
- RE: Interpreting the results of an NMAP scan Pete.LeMay (Apr 24)
- Re: Interpreting the results of an NMAP scan Francesc Vila (Apr 24)