From owner-freebsd-security Wed May 29 20:30:47 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail.visp.co.nz (mail.visp.co.nz [210.55.24.20]) by hub.freebsd.org (Postfix) with ESMTP id D59AC37B408 for ; Wed, 29 May 2002 20:30:13 -0700 (PDT) Received: from visp (visp-adsl3-168.visp.co.nz [210.54.168.3] (may be forged)) by mail.visp.co.nz (8.11.1/8.11.1) with SMTP id g4U3TnR39617; Thu, 30 May 2002 15:29:51 +1200 (NZST) From: "Brett Moore" To: , Subject: RE: ipfw issue with nmap false alarms Date: Thu, 30 May 2002 15:27:36 +1200 Message-ID: <000001c20789$f19ff060$6301a8c0@visp> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 Importance: Normal In-Reply-To: X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Others may correct me if I am wrong here. I have had the same 'problem'. I was told/read that nmap may sometimes report the port that it is using as open when run against localhost. Try 2.54BETA34 its for d/l at the site. Brett > -----Original Message----- > From: owner-freebsd-security@FreeBSD.ORG > [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of > George.Giles@mcmail.vanderbilt.edu > Sent: Thursday, 30 May 2002 15:06 > To: freebsd-security@FreeBSD.ORG > Subject: ipfw issue with nmap false alarms > > > nmap reports as expected when scanning the actual ip address, but when run > against localhost various open ports show up. > > Any ideas ? > > Starting nmap V. 2.54BETA29 ( www.insecure.org/nmap/ ) > Interesting ports on localhost (127.0.0.1): > (The 1540 ports scanned but not shown below are in state: closed) > Port State Service > 21/tcp open ftp > 22/tcp open ssh > 53/tcp open domain > 80/tcp open http > 443/tcp open https > 1669/tcp open netview-aix-9 > > Nmap run completed -- 1 IP address (1 host up) scanned in 9 seconds > bash-2.05$ nmap localhost > > Starting nmap V. 2.54BETA29 ( www.insecure.org/nmap/ ) > Interesting ports on localhost (127.0.0.1): > (The 1540 ports scanned but not shown below are in state: closed) > Port State Service > 21/tcp open ftp > 22/tcp open ssh > 53/tcp open domain > 80/tcp open http > 443/tcp open https > 2044/tcp open rimsl > > > Nmap run completed -- 1 IP address (1 host up) scanned in 9 seconds > bash-2.05$ nmap localhost > > Starting nmap V. 2.54BETA29 ( www.insecure.org/nmap/ ) > Interesting ports on localhost (127.0.0.1): > (The 1539 ports scanned but not shown below are in state: closed) > Port State Service > 21/tcp open ftp > 22/tcp open ssh > 53/tcp open domain > 80/tcp open http > 443/tcp open https > 2003/tcp open cfingerd > 3306/tcp open mysql > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message