Full Disclosure mailing list archives

Re: Very strange nmap scan results


From: scott <redhowlingwolves () bellsouth net>
Date: Fri, 21 Sep 2007 01:08:13 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Did this particular person, or persons, know what you were going to do?

Looks like a honeypot, to me.

Been wrong before, won't be the last. I hope, for the sake of whomever
you are auditing, that this is the case.

Cheers,  Redwolfs always


Juan B wrote:
Hi all,

For a client, I'm scanning his DMZ from the internet.

I know the servers are behind a PIX 515 without any added security
features (they don't have any IPS, or they didn't enable the IPS
feature of the PIX).

The strange thing is that I receive too many open ports! For example,
I scan the mail relay and although just port 25 is open it reports
lots more open ports! This is the nmap scan I issued:

nmap -sT -vv -P0 -O -p1-1024 200.61.44.48/28 -oA cpsa.txt

(I changed the IPs here...)

and the results for the mail relay, for example, are:


Interesting ports on mail.cpsa.com (200.61.44.50):
PORT     STATE    SERVICE
1/tcp    open     tcpmux
2/tcp    open     compressnet
3/tcp    open     compressnet
4/tcp    open     unknown
5/tcp    open     rje
6/tcp    open     unknown
7/tcp    open     echo
8/tcp    filtered unknown
9/tcp    open     discard
10/tcp   open     unknown
11/tcp   open     systat
12/tcp   open     unknown
13/tcp   open     daytime
14/tcp   open     unknown
15/tcp   open     netstat
16/tcp   open     unknown
17/tcp   open     qotd
18/tcp   filtered msp
19/tcp   open     chargen
20/tcp   open     ftp-data
21/tcp   open     ftp
22/tcp   open     ssh
23/tcp   open     telnet
24/tcp   open     priv-mail
25/tcp   open     smtp
26/tcp   open     unknown
27/tcp   open     nsw-fe
28/tcp   open     unknown
29/tcp   open     msg-icp
30/tcp   open     unknown
31/tcp   open     msg-auth
32/tcp   open     unknown
33/tcp   open     dsp
34/tcp   open     unknown

this continues up to port 1024..

any ideas how to eliminate so many false positives?

thanks a lot,

Juan





-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFG81G8srt057ENXO4RAkAoAJ9QAmp65M7nICyOvK0IBDb5ZGgdvwCg2iqL
0AffiGeALD+T9XlXXblycek=
=Drx9
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

