From owner-freebsd-security  Wed May 29 20:10: 0 2002
Delivered-To: freebsd-security@freebsd.org
Received: from MCSMTP2.MC.VANDERBILT.EDU (mcsmtp2.mc.Vanderbilt.Edu [160.129.50.78])
	by hub.freebsd.org (Postfix) with ESMTP id EF6A237B401
	for <freebsd-security@freebsd.org>; Wed, 29 May 2002 20:09:52 -0700 (PDT)
Subject: ipfw issue with nmap false alarms
To: freebsd-security@freebsd.org
X-Mailer: Lotus Notes Release 5.0.6a  January 17, 2001
Message-ID: <OFB74AFA63.4553FCA4-ON86256BC9.0010C509@MC.VANDERBILT.EDU>
From: George.Giles@mcmail.vanderbilt.edu
Date: Wed, 29 May 2002 22:06:13 -0500
X-MIMETrack: Serialize by Router on MCSMTP2.MC.vanderbilt.edu/VUMC/Vanderbilt(Release 5.0.6a
 |January 17, 2001) at 05/29/2002 09:57:21 PM
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

nmap reports as expected when scanning the actual ip address, but when run
against localhost various open ports show up.

Any ideas ?

Starting nmap V. 2.54BETA29 ( www.insecure.org/nmap/ )
Interesting ports on localhost (127.0.0.1):
(The 1540 ports scanned but not shown below are in state: closed)
Port       State       Service
21/tcp     open        ftp
22/tcp     open        ssh
53/tcp     open        domain
80/tcp     open        http
443/tcp    open        https
1669/tcp   open        netview-aix-9

Nmap run completed -- 1 IP address (1 host up) scanned in 9 seconds
bash-2.05$ nmap localhost

Starting nmap V. 2.54BETA29 ( www.insecure.org/nmap/ )
Interesting ports on localhost (127.0.0.1):
(The 1540 ports scanned but not shown below are in state: closed)
Port       State       Service
21/tcp     open        ftp
22/tcp     open        ssh
53/tcp     open        domain
80/tcp     open        http
443/tcp    open        https
2044/tcp   open        rimsl


Nmap run completed -- 1 IP address (1 host up) scanned in 9 seconds
bash-2.05$ nmap localhost

Starting nmap V. 2.54BETA29 ( www.insecure.org/nmap/ )
Interesting ports on localhost (127.0.0.1):
(The 1539 ports scanned but not shown below are in state: closed)
Port       State       Service
21/tcp     open        ftp
22/tcp     open        ssh
53/tcp     open        domain
80/tcp     open        http
443/tcp    open        https
2003/tcp   open        cfingerd
3306/tcp   open        mysql





To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message