Re: Fingerprint?

[Brutus <brutus () hoobie net>]

Hi,

I too have noticed this problem running nmap 2 on debian linux 2
(2.0.34), I find that it often shows active ports on the target which
are actually only active on the localhost upon which nmap is running. I
get this with my port 6000 X relay and my HTTP proxy on port 8081.

Not sure why this happens on vanilla tcp scans...

regards

G

Takacs Istvan wrote:

> Hi,
>
> Thanks for everyone, who answered to my
> question!
>
> I didn't mention that our web servers behind
> a Solaris based firewall (FW-1)!
> That's why I was very surprised when I saw the
> resoult of the scan (The web servers are on
> NT IIS 3.0):
>
> No ports open for host  (xxx.xxx.xxx.xxx)
> Interesting ports on www.mysite.hu (xxx.xxx.xxx.xxx):
> Port    State       Protocol  Service
> 22      open        tcp        unknown
> 53      open        tcp        domain
> 110     open        tcp        pop-3
> 143     open        tcp        imap
>
> We never enabled that ports above. On our firewall
> just the 80 and 443 ports are enabled to the servers.
>
> Are that open ports real, or just a bug in nmap? And why
> missing the enabled ports from the list?
> I don't understand.
>
> Thanks a lot!
>
> Regards,
>
>                 Istvan