Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: scan shows open ports as tcpwrapped

From: Daniel Miller <bonsaiviking () gmail com>
Date: Thu, 01 Nov 2012 16:30:23 -0500
On 10/30/2012 09:28 PM, Fahad A. Saeed wrote:

I'd a scan task and I faced following result (appro. for all ports except
for really used ones i.e. ssl and smtp):

Host is up (0.032s latency).
Scanned at 2012-10-25 16:06:38 AST for 856s
PORT      STATE SERVICE    VERSION
1/tcp     open  tcpwrapped
3/tcp     open  tcpwrapped
4/tcp     open  tcpwrapped
.
.
19/tcp    open  tcpwrapped
20/tcp    open  tcpwrapped
21/tcp    open  tcpwrapped
22/tcp    open  tcpwrapped
23/tcp    open  tcpwrapped
.
.
64623/tcp open  tcpwrapped
64680/tcp open  tcpwrapped
65000/tcp open  tcpwrapped
65129/tcp open  tcpwrapped
65389/tcp open  tcpwrapped

Scan methodology was:

nmap -n -vv -A x.x.x.x --min-parallelism=50 --max-parallelism=150 -PN
-T2 -oA x.x.x.x

I'm sure that this is a firewall's or loadbalancer's game. I tried many way
such as change source port, source IP , fragmentation, etc..

    - Do you have any idea/suggestion to bypass this case and to identify
    real services behind open ports?
    - on another hand, Do you know how to do that on firewall policy(on any
    firewall)?

Thanks in advance.
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


Fahad,
I and several others answered you on security.stackexchange.com [1]. There is nothing to bypass here. 

Dan
[1] http://security.stackexchange.com/questions/23407/how-to-bypass-tcpwrapped-with-nmap-scan 
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: