Date: Mon, 9 Aug 2004 15:59:36 +1000 (EST) From: Neo-Vortex <root@Neo-Vortex.Ath.Cx> To: c0ldbyte <c0ldbyte@myrealbox.com> Cc: freebsd-security@freebsd.org Subject: Re: freebsd-security Digest, Vol 71, Issue 2 Message-ID: <20040809155909.X88392@Neo-Vortex.Ath.Cx> In-Reply-To: <Pine.LNX.4.61.0408081846150.8050@eleanor.spectical.net> References: <20040808120101.B771D16A4D0@hub.freebsd.org> <Pine.LNX.4.61.0408081846150.8050@eleanor.spectical.net>
next in thread | previous in thread | raw e-mail | index | archive | help
it might also be because you cant do a SYN stealth scan as non-root (which is default if you are root) and you have to use the normal TCP Connect method if you arnt root On Sun, 8 Aug 2004, c0ldbyte wrote: > > From: Zoran Kolic <kolicz@eunet.yu> > > Subject: about nmap > > To: freebsd-security@freebsd.org > > Message-ID: <20040808053526.GA652@kolic.net> > > Content-Type: text/plain; charset=us-ascii > > > > Dear all! > > Last evening I've noticed that > > my 5.2 box had strange result > > about nmap search. One port is > > randomly open when I look from > > user account. From root everything > > looks as expected. The comp is > > most time out of internet. The > > last thing was adding "expect" > > package. I am not paniced, could > > be hiting... Or something in > > "expect" package... It is random > > port from 53000 to 57000. > > Has someone any idea? > > Best regards. > > > > ZK > > > Yes this is going to be one of the ports that nmap uses to relay or > recieve information back to the client itself. Everything that has > anything to do with analyzing the network is going to open a port > to recieve back on and most commonly if its because your noticing > that port well scanning from a user account its just because of the > nmap software picking that port up and not ignoring it like it should > be. > > This e-mail may be privileged and/or confidential, and the sender > does not waive any related rights and obligations. Any distribution, use > or copying of this e-mail or the information it contains by other than an > intended recipient is unauthorized. If you received this e-mail in error, > please advise me (by return e-mail or otherwise) immediately. > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040809155909.X88392>