Re: Oracle 11i nmap scan results

[John Doe <security.department () tele2 ch>]

Brooks, Shane am Freitag, 14. Oktober 2005 20.44:
> Sorry if this is a dumb question, but I've found nothing on Google about
> the issue.
>
> I'm doing a portscan against an Oracle 11i Oracle Applications server.  The
> output shows:
>
> Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-10-14 14:05
> EDT Interesting ports on oraappserver1.inside.net (172.10.10.86):
> (The 1653 ports scanned but not shown below are in state: closed)
> PORT      STATE SERVICE
> 22/tcp    open  ssh
> 111/tcp   open  rpcbind
> 113/tcp   open  auth
> 139/tcp   open  netbios-ssn
> 445/tcp   open  microsoft-ds
> 1666/tcp  open  netview-aix-6
> 5555/tcp  open  freeciv
> 6000/tcp  open  X11
> 9090/tcp  open  zeus-admin
> 12345/tcp open  NetBus
> MAC Address: 00:0B:CD:9B:A2:98 (Compaq (HP))
>
> Yet to connect to the box, the users open a browser and connect to
> http://oraserver1.inside.net:8040 They can also connect with the same URL
> but to ports 8020, and 8010.
>
> There is no firewall on the box, or between the box and the users.
> Why do these port not show up on nmap?

You may not have specified a port range to scan; in this case nmap scans only 
ports 1-1024 and those listed in the service files, as noted in the FM.

hth, joe

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------