Nmap Development mailing list archives
Re: scan shows open ports as tcpwrapped
From: "Fahad A. Saeed" <fneyaz () gmail com>
Date: Fri, 2 Nov 2012 00:49:10 +0300
Thank you Dan for your response. My colleague posted thebquestion there. The point is, and for example, one of the scanned machine is a MS Exchange configured as OWA. The scan result was tcpwrapped for all ports even for SMTP and SSL. This doesn't make scenes. BTW we are sure MS Exchange is working fine. When I used the same scan syntax posted before but with --packet-trace I got all ports "closed". And I got all responses from the machine itself not from LB\FW. Another thing, in both syntax it shows the OS as F5 Big-IP but again it should be Windows. I tried also to review all packets using tcpdump and nothing there. When traceroute is performed the traffic is as following: Internet --> Core Router --> LB\FW --> the target (i.e MS Exchange). Thanks again for your response. On Nov 2, 2012 12:30 AM, "Daniel Miller" <bonsaiviking () gmail com> wrote:
On 10/30/2012 09:28 PM, Fahad A. Saeed wrote:I'd a scan task and I faced following result (appro. for all ports except for really used ones i.e. ssl and smtp): Host is up (0.032s latency). Scanned at 2012-10-25 16:06:38 AST for 856s PORT STATE SERVICE VERSION 1/tcp open tcpwrapped 3/tcp open tcpwrapped 4/tcp open tcpwrapped . . 19/tcp open tcpwrapped 20/tcp open tcpwrapped 21/tcp open tcpwrapped 22/tcp open tcpwrapped 23/tcp open tcpwrapped . . 64623/tcp open tcpwrapped 64680/tcp open tcpwrapped 65000/tcp open tcpwrapped 65129/tcp open tcpwrapped 65389/tcp open tcpwrapped Scan methodology was: nmap -n -vv -A x.x.x.x --min-parallelism=50 --max-parallelism=150 -PN -T2 -oA x.x.x.x I'm sure that this is a firewall's or loadbalancer's game. I tried many way such as change source port, source IP , fragmentation, etc.. - Do you have any idea/suggestion to bypass this case and to identify real services behind open ports? - on another hand, Do you know how to do that on firewall policy(on any firewall)? Thanks in advance. ______________________________**_________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/**mailman/listinfo/nmap-dev<http://cgi.insecure.org/mailman/listinfo/nmap-dev> Archived at http://seclists.org/nmap-dev/ Fahad,I and several others answered you on security.stackexchange.com [1]. There is nothing to bypass here. Dan [1] http://security.stackexchange.**com/questions/23407/how-to-** bypass-tcpwrapped-with-nmap-**scan<http://security.stackexchange.com/questions/23407/how-to-bypass-tcpwrapped-with-nmap-scan>
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- scan shows open ports as tcpwrapped Fahad A. Saeed (Nov 01)
- Re: scan shows open ports as tcpwrapped Daniel Miller (Nov 01)
- Re: scan shows open ports as tcpwrapped Fahad A. Saeed (Nov 01)
- Re: scan shows open ports as tcpwrapped David Fifield (Nov 01)
- Re: scan shows open ports as tcpwrapped Fahad A. Saeed (Nov 03)
- Re: scan shows open ports as tcpwrapped Daniel Miller (Nov 03)
- Re: scan shows open ports as tcpwrapped Fahad A. Saeed (Nov 04)
- Re: scan shows open ports as tcpwrapped Fahad A. Saeed (Nov 03)
- Re: scan shows open ports as tcpwrapped Daniel Miller (Nov 01)