Firewall Wizards mailing list archives
Re: Strange open ports on windows machines
From: Matt Carothers <matt () telepath com>
Date: Sat, 23 Oct 1999 10:13:37 -0500 (CDT)
On Thu, 21 Oct 1999, Christoph Schneeberger wrote:
While scanning a customers public corporate website (on request) with nmap (2.3BETA6 and 2.02) I found the following open ports: Port State Protocol Service
[...]
12345 filtered tcp NetBus and udp: Port State Protocol Service
[...]
31337 open udp BackOrifice I then went with the customer through the following procedures:
[...]
-Running netstat -an on the server in question The two ports 12345 tcp and 31337 udp where not shown, all other listening services were shown as expected. -installing Back Orificer Friendly from http://www.nfr.net/bof/ on the server (I hoped it would complain not being able to listen to 31337 udp) Started and did not complain -I then connected to the server with 'netcat -u 31337' and typed some random chars which should normally trigger bof to pop-up and notify the user Nothing happened, all other ports like i.e. pop3 triggered bof immediately So, am I missing a chapter or does this look like something really strange ?
The nmap udp scan works by sending udp packets to the specified ports and waiting for icmp port unreachable messages. If the scanner doesn't get an icmp back, it assumes the port is open. My guess is that a router or a firewall somewhere between your machine and the NT box is filtering 31337/udp. Nmap wouldn't get a port unreachable back since the packet never hit the target machine, and you wouldn't be able to communicate with BOF on that port. Looks like a similar situation for netbus. Note that nmap lists it as 'filtered' rather than 'open.' It's getting neither a SYN|ACK nor an RST back so something is probably dropping your packets en route. - Matt
Current thread:
- Strange open ports on windows machines Christoph Schneeberger (Oct 21)
- Re: Strange open ports on windows machines Michael H. Warfield (Oct 23)
- Re: Strange open ports on windows machines Kaptain (Oct 25)
- Re: Strange open ports on windows machines Michael H. Warfield (Oct 25)
- Re: Strange open ports on windows machines David LeBlanc (Oct 26)
- whoops David LeBlanc (Oct 27)
- Re: Strange open ports on windows machines Kaptain (Oct 25)
- Re: Strange open ports on windows machines Arnd Vehling (Oct 28)
- Re: Strange open ports on windows machines Michael H. Warfield (Oct 23)
- <Possible follow-ups>
- RE: Strange open ports on windows machines Russ (Oct 25)
- RE: Strange open ports on windows machines Christoph Schneeberger (Oct 25)
- RE: Strange open ports on windows machines Russ (Oct 25)
- Re: Strange open ports on windows machines Randy Witlicki (Oct 25)
- RE: Strange open ports on windows machines Steve McQuade (Oct 26)
- RE: Strange open ports on windows machines Bill Stout (Oct 26)
- RE: Strange open ports on windows machines La Cholter, William J. (Oct 26)
- RE: Strange open ports on windows machines Lance Spitzner (Oct 27)
- RE: Strange open ports on windows machines Ben Nagy (Oct 26)