Security Incidents mailing list archives

Re: strange, strange stuff

From: Hugo van der Kooij <hvdkooij () VANDERKOOIJ ORG>
Date: Tue, 27 Mar 2001 07:15:44 +0200

On Mon, 26 Mar 2001, Max Gribov wrote:

I did my weekly sweep of my machine, which involves portscans, log
reviews, etc, and during nmap'ing i came across this:

four consequtive nmaps below:

--------------------------------
Starting nmap V. 2.54BETA7 ( www.insecure.org/nmap/ )
Strange read error from 127.0.0.1 (104): Operation now in progress
Strange read error from 127.0.0.1 (104): Operation now in progress
Strange read error from 127.0.0.1 (104): Operation now in progress
Interesting ports on localhost (127.0.0.1):
(The 65494 ports scanned but not shown below are in state: closed)
Port       State       Service
22/tcp     open        ssh
113/tcp    open        auth
1918/tcp   open        unknown
2643/tcp   open        unknown
4986/tcp   open        unknown
6000/tcp   open        X11


....

Why would someone use nmap to a local machine. I guess `lsof` and `netstat
-na` would be more reliable.

You have a typical case where Harry meets Harry. You are seeing your own
port scan and a clear demonstration why nmap to a localhost is not the
best thing to do. (It is quite likely you caused a temporal distortion in
the time/space continum while doing so.)

Hugo.

--
Hugo van der Kooij; Oranje Nassaustraat 16; 3155 VJ  Maasland
hvdkooij () vanderkooij org             http://hvdkooij.xs4all.nl/
Alle email is gebonden aan de regels beschreven op mijn homepage.
All email send to me is bound to the rules described on my homepage.
        Don't meddle in the affairs of sysadmins,
        for they are subtle and quick to anger.

Current thread:

strange, strange stuff Max Gribov (Mar 26)
- Re: strange, strange stuff Hugo van der Kooij (Mar 26)
  - Re: strange, strange stuff Peter Moody (Mar 27)
  - Re: strange, strange stuff Erik (Mar 28)
- Re: strange, strange stuff Jason Boyer (Mar 27)