From owner-freebsd-security@FreeBSD.ORG Mon Aug 9 05:59:41 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BE07F16A4CE for ; Mon, 9 Aug 2004 05:59:41 +0000 (GMT) Received: from Neo-Vortex.Ath.Cx (203-217-83-10.dyn.iinet.net.au [203.217.83.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id 63C7F43D53 for ; Mon, 9 Aug 2004 05:59:40 +0000 (GMT) (envelope-from root@Neo-Vortex.Ath.Cx) Received: from localhost.Neo-Vortex.got-root.cc (Neo-Vortex@localhost.Neo-Vortex.got-root.cc [127.0.0.1]) by Neo-Vortex.Ath.Cx (8.12.10/8.12.10) with ESMTP id i795xagC088542; Mon, 9 Aug 2004 15:59:37 +1000 (EST) (envelope-from root@Neo-Vortex.Ath.Cx) Date: Mon, 9 Aug 2004 15:59:36 +1000 (EST) From: Neo-Vortex To: c0ldbyte In-Reply-To: Message-ID: <20040809155909.X88392@Neo-Vortex.Ath.Cx> References: <20040808120101.B771D16A4D0@hub.freebsd.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-security@freebsd.org Subject: Re: freebsd-security Digest, Vol 71, Issue 2 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 09 Aug 2004 05:59:41 -0000 it might also be because you cant do a SYN stealth scan as non-root (which is default if you are root) and you have to use the normal TCP Connect method if you arnt root On Sun, 8 Aug 2004, c0ldbyte wrote: > > From: Zoran Kolic > > Subject: about nmap > > To: freebsd-security@freebsd.org > > Message-ID: <20040808053526.GA652@kolic.net> > > Content-Type: text/plain; charset=us-ascii > > > > Dear all! > > Last evening I've noticed that > > my 5.2 box had strange result > > about nmap search. One port is > > randomly open when I look from > > user account. From root everything > > looks as expected. The comp is > > most time out of internet. The > > last thing was adding "expect" > > package. I am not paniced, could > > be hiting... Or something in > > "expect" package... It is random > > port from 53000 to 57000. > > Has someone any idea? > > Best regards. > > > > ZK > > > Yes this is going to be one of the ports that nmap uses to relay or > recieve information back to the client itself. Everything that has > anything to do with analyzing the network is going to open a port > to recieve back on and most commonly if its because your noticing > that port well scanning from a user account its just because of the > nmap software picking that port up and not ignoring it like it should > be. > > This e-mail may be privileged and/or confidential, and the sender > does not waive any related rights and obligations. Any distribution, use > or copying of this e-mail or the information it contains by other than an > intended recipient is unauthorized. If you received this e-mail in error, > please advise me (by return e-mail or otherwise) immediately. > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" >