From owner-freebsd-security Thu May 30 0:11:27 2002 Delivered-To: freebsd-security@freebsd.org Received: from chaos.evolve.za.net (chaos.evolve.za.net [196.34.172.107]) by hub.freebsd.org (Postfix) with ESMTP id B293537B401 for ; Thu, 30 May 2002 00:11:09 -0700 (PDT) Received: from amavis by chaos.evolve.za.net with scanned-ok (Exim 3.34 #1) id 17DK5F-0007JY-00 for freebsd-security@FreeBSD.ORG; Thu, 30 May 2002 09:10:53 +0200 Received: from [192.168.0.56] (helo=DAVE) by chaos.evolve.za.net with smtp (Exim 3.34 #1) id 17DK5E-0007JB-00; Thu, 30 May 2002 09:10:52 +0200 Message-ID: <009001c207a9$454c7020$3800a8c0@DAVE> From: "Dave Raven" To: , References: <000001c20789$f19ff060$6301a8c0@visp> Subject: Re: ipfw issue with nmap false alarms Date: Thu, 30 May 2002 09:11:49 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Virus-Scanned: by Opteq - www.optec.co.za Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org That is the problem, your scanning localhost. rather scan an external card. --Dave. ----- Original Message ----- From: "Brett Moore" To: ; Sent: Thursday, May 30, 2002 5:27 AM Subject: RE: ipfw issue with nmap false alarms > Others may correct me if I am wrong here. > > I have had the same 'problem'. I was told/read that nmap may sometimes > report the port that it is using as open when run against localhost. > > Try 2.54BETA34 its for d/l at the site. > > Brett > > > > -----Original Message----- > > From: owner-freebsd-security@FreeBSD.ORG > > [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of > > George.Giles@mcmail.vanderbilt.edu > > Sent: Thursday, 30 May 2002 15:06 > > To: freebsd-security@FreeBSD.ORG > > Subject: ipfw issue with nmap false alarms > > > > > > nmap reports as expected when scanning the actual ip address, but when run > > against localhost various open ports show up. > > > > Any ideas ? > > > > Starting nmap V. 2.54BETA29 ( www.insecure.org/nmap/ ) > > Interesting ports on localhost (127.0.0.1): > > (The 1540 ports scanned but not shown below are in state: closed) > > Port State Service > > 21/tcp open ftp > > 22/tcp open ssh > > 53/tcp open domain > > 80/tcp open http > > 443/tcp open https > > 1669/tcp open netview-aix-9 > > > > Nmap run completed -- 1 IP address (1 host up) scanned in 9 seconds > > bash-2.05$ nmap localhost > > > > Starting nmap V. 2.54BETA29 ( www.insecure.org/nmap/ ) > > Interesting ports on localhost (127.0.0.1): > > (The 1540 ports scanned but not shown below are in state: closed) > > Port State Service > > 21/tcp open ftp > > 22/tcp open ssh > > 53/tcp open domain > > 80/tcp open http > > 443/tcp open https > > 2044/tcp open rimsl > > > > > > Nmap run completed -- 1 IP address (1 host up) scanned in 9 seconds > > bash-2.05$ nmap localhost > > > > Starting nmap V. 2.54BETA29 ( www.insecure.org/nmap/ ) > > Interesting ports on localhost (127.0.0.1): > > (The 1539 ports scanned but not shown below are in state: closed) > > Port State Service > > 21/tcp open ftp > > 22/tcp open ssh > > 53/tcp open domain > > 80/tcp open http > > 443/tcp open https > > 2003/tcp open cfingerd > > 3306/tcp open mysql > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message