Date: Mon, 27 Jan 2003 12:34:19 -0600
From: "Kenzo" <kenzo_chin@hotmail.com>
To: <freebsd-security@FreeBSD.ORG>
Subject: portscan question
Message-ID: <DAV6781XnKBWLNtmSRQ00017e50@hotmail.com>

This is what I got when I ran nmap against my server from inside my network.
Everything looks good from the outside.
I'm curious as to why, when I have portsentry turned on, I see all these ports,
and when I don't, I only see the ones I'm running.

--WITH PORTSENTRY ON

BSDtest# nmap -v -O 10.25.x.x

Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
No tcp,udp, or ICMP scantype specified, assuming SYN Stealth scan. Use -sP if you really don't want to portscan (and just want to see what hosts are up).
Host mydomain(10.25.x.x) appears to be up ... good.
Initiating SYN Stealth Scan against mydomain(10.25.x.x)
Adding open port 15/tcp
Adding open port 1524/tcp
Adding open port 54320/tcp
Adding open port 22/tcp
Adding open port 32774/tcp
Adding open port 540/tcp
Adding open port 6667/tcp
Adding open port 1/tcp
Adding open port 32773/tcp
Adding open port 12346/tcp
Adding open port 32771/tcp
Adding open port 27665/tcp
Adding open port 11/tcp
Adding open port 143/tcp
Adding open port 12345/tcp
Adding open port 1080/tcp
Adding open port 79/tcp
Adding open port 111/tcp
Adding open port 2000/tcp
Adding open port 25/tcp
Adding open port 31337/tcp
Adding open port 635/tcp
Adding open port 80/tcp
Adding open port 32772/tcp
Adding open port 119/tcp
The SYN Stealth Scan took 8 seconds to scan 1601 ports.
For OSScan assuming that port 1 is open and port 2 is closed and neither are firewalled
For OSScan assuming that port 1 is open and port 2 is closed and neither are firewalled
For OSScan assuming that port 1 is open and port 2 is closed and neither are firewalled
Interesting ports on mydomain(10.25.x.x):
(The 1576 ports scanned but not shown below are in state: closed)
Port       State       Service
1/tcp      open        tcpmux
11/tcp     open        systat
15/tcp     open        netstat
22/tcp     open        ssh
25/tcp     open        smtp
79/tcp     open        finger
80/tcp     open        http
111/tcp    open        sunrpc
119/tcp    open        nntp
143/tcp    open        imap2
540/tcp    open        uucp
635/tcp    open        unknown
1080/tcp   open        socks
1524/tcp   open        ingreslock
2000/tcp   open        callbook
6667/tcp   open        irc
12345/tcp  open        NetBus
12346/tcp  open        NetBus
27665/tcp  open        Trinoo_Master
31337/tcp  open        Elite
32771/tcp  open        sometimes-rpc5
32772/tcp  open        sometimes-rpc7
32773/tcp  open        sometimes-rpc9
32774/tcp  open        sometimes-rpc11
54320/tcp  open        bo2k
No exact OS matches for host (If you know what OS is running on it, see http://www.insecure.org/cgi-bin/nmap-submit.cgi).
TCP/IP fingerprint:
SInfo(V=3.00%P=i386-portbld-freebsd4.7%D=1/27%Time=3E357695%O=1%C=2)
TSeq(Class=TR%IPID=I%TS=100HZ)
T1(Resp=Y%DF=Y%W=E000%ACK=S++%Flags=AS%Ops=MNWNNT)
T2(Resp=N)
T3(Resp=Y%DF=Y%W=E000%ACK=S++%Flags=AS%Ops=MNWNNT)
T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E)
Uptime 0.168 days (since Mon Jan 27 08:11:17 2003)
TCP Sequence Prediction: Class=truly random
                         Difficulty=9999999 (Good luck!)
IPID Sequence Generation: Incremental

Nmap run completed -- 1 IP address (1 host up) scanned in 31 seconds

--WITHOUT PORTSENTRY

BSDtest# nmap -v -O 10.25.x.x

Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
No tcp,udp, or ICMP scantype specified, assuming SYN Stealth scan. Use -sP if you really don't want to portscan (and just want to see what hosts are up).
Host mydomain(10.25.x.x) appears to be up ... good.
Initiating SYN Stealth Scan against mydomain(10.25.x.x)
Adding open port 25/tcp
Adding open port 22/tcp
Adding open port 80/tcp
The SYN Stealth Scan took 7 seconds to scan 1601 ports.
For OSScan assuming that port 22 is open and port 1 is closed and neither are firewalled
For OSScan assuming that port 22 is open and port 1 is closed and neither are firewalled
For OSScan assuming that port 22 is open and port 1 is closed and neither are firewalled
Interesting ports on mydomain(10.25.x.x):
(The 1598 ports scanned but not shown below are in state: closed)
Port       State       Service
22/tcp     open        ssh
25/tcp     open        smtp
80/tcp     open        http
No exact OS matches for host (If you know what OS is running on it, see http://www.insecure.org/cgi-bin/nmap-submit.cgi).
TCP/IP fingerprint:
SInfo(V=3.00%P=i386-portbld-freebsd4.7%D=1/27%Time=3E357B34%O=22%C=1)
TSeq(Class=TR%IPID=I%TS=100HZ)
T1(Resp=Y%DF=Y%W=E000%ACK=S++%Flags=AS%Ops=MNWNNT)
T2(Resp=N)
T3(Resp=Y%DF=Y%W=E000%ACK=S++%Flags=AS%Ops=MNWNNT)
T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E)
Uptime 0.181 days (since Mon Jan 27 08:11:17 2003)
TCP Sequence Prediction: Class=truly random
                         Difficulty=9999999 (Good luck!)
IPID Sequence Generation: Incremental

Nmap run completed -- 1 IP address (1 host up) scanned in 34 seconds

I thought that portsentry was supposed to monitor the ports, but I didn't know
that it would add all these ports as being open.
Will it still be OK to run portsentry, or is there a better program to use to
monitor ports for portscans and probes?

Thanks.