Date: Thu, 30 May 2002 09:11:49 +0200 From: "Dave Raven" <dave@raven.za.net> To: <George.Giles@mcmail.vanderbilt.edu>, <freebsd-security@FreeBSD.ORG> Subject: Re: ipfw issue with nmap false alarms Message-ID: <009001c207a9$454c7020$3800a8c0@DAVE> References: <000001c20789$f19ff060$6301a8c0@visp>
next in thread | previous in thread | raw e-mail | index | archive | help
That is the problem, your scanning localhost. rather scan an external card. --Dave. ----- Original Message ----- From: "Brett Moore" <brett@softwarecreations.co.nz> To: <George.Giles@mcmail.vanderbilt.edu>; <freebsd-security@FreeBSD.ORG> Sent: Thursday, May 30, 2002 5:27 AM Subject: RE: ipfw issue with nmap false alarms > Others may correct me if I am wrong here. > > I have had the same 'problem'. I was told/read that nmap may sometimes > report the port that it is using as open when run against localhost. > > Try 2.54BETA34 its for d/l at the site. > > Brett > > > > -----Original Message----- > > From: owner-freebsd-security@FreeBSD.ORG > > [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of > > George.Giles@mcmail.vanderbilt.edu > > Sent: Thursday, 30 May 2002 15:06 > > To: freebsd-security@FreeBSD.ORG > > Subject: ipfw issue with nmap false alarms > > > > > > nmap reports as expected when scanning the actual ip address, but when run > > against localhost various open ports show up. > > > > Any ideas ? > > > > Starting nmap V. 2.54BETA29 ( www.insecure.org/nmap/ ) > > Interesting ports on localhost (127.0.0.1): > > (The 1540 ports scanned but not shown below are in state: closed) > > Port State Service > > 21/tcp open ftp > > 22/tcp open ssh > > 53/tcp open domain > > 80/tcp open http > > 443/tcp open https > > 1669/tcp open netview-aix-9 > > > > Nmap run completed -- 1 IP address (1 host up) scanned in 9 seconds > > bash-2.05$ nmap localhost > > > > Starting nmap V. 2.54BETA29 ( www.insecure.org/nmap/ ) > > Interesting ports on localhost (127.0.0.1): > > (The 1540 ports scanned but not shown below are in state: closed) > > Port State Service > > 21/tcp open ftp > > 22/tcp open ssh > > 53/tcp open domain > > 80/tcp open http > > 443/tcp open https > > 2044/tcp open rimsl > > > > > > Nmap run completed -- 1 IP address (1 host up) scanned in 9 seconds > > bash-2.05$ nmap localhost > > > > Starting nmap V. 2.54BETA29 ( www.insecure.org/nmap/ ) > > Interesting ports on localhost (127.0.0.1): > > (The 1539 ports scanned but not shown below are in state: closed) > > Port State Service > > 21/tcp open ftp > > 22/tcp open ssh > > 53/tcp open domain > > 80/tcp open http > > 443/tcp open https > > 2003/tcp open cfingerd > > 3306/tcp open mysql > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?009001c207a9$454c7020$3800a8c0>