Date: Thu, 30 May 2002 09:20:31 +0200
From: "Dave Raven" <dave@raven.za.net>
To: "nathan skains" <nskains@comcast.net>, <freebsd-security@FreeBSD.ORG>
Subject: Re: Nmap /w snort
Message-ID: <009801c207aa$7c4003c0$3800a8c0@DAVE>
References: <000001c20789$f19ff060$6301a8c0@visp> <006101c2079b$96528170$0200a8c0@logical>

Is 192.168.0.5 the box? That might be the problem, scanning yourself is no
good.

Fix the nmap problem by making more bpf devices.

cd /dev/ && sh ./MAKEDEV bpf4 bpf5 bpf6

Does that port change? Or always stay the same? Check sockstat. Check netstat.

--Dave.

----- Original Message -----
From: "nathan skains" <nskains@comcast.net>
To: <freebsd-security@FreeBSD.ORG>
Sent: Thursday, May 30, 2002 7:33 AM
Subject: Nmap /w snort

> i am having a similar problem earlier today i did a scan on my system and got
> the following results. later i ran another scan and got another weird port
> open, i am concerned with a compromise.
> Starting nmap V. 2.54BETA34 ( www.insecure.org/nmap/ )
>
> Interesting ports on (192.168.0.5):
>
> (The 1545 ports scanned but not shown below are in state: closed)
>
> Port       State       Service
> 21/tcp     open        ftp
> 22/tcp     open        ssh
> 25/tcp     open        smtp
> 80/tcp     open        http
> 110/tcp    open        pop-3
> 113/tcp    open        auth
> 587/tcp    open        submission
> 1492/tcp   open        stone-design-1 << concern about this port being open
> 3306/tcp   open        mysql
> 6667/tcp   open        irc
> 6668/tcp   open        irc
>
> when i try an nmap as root i get this error
>
> Starting nmap V. 2.54BETA34 ( www.insecure.org/nmap/ )
> pcap_open_live: (no devices found) /dev/bpf4: No such file or directory
> There are several possible reasons for this, depending on your operating
> system:
> LINUX: If you are getting Socket type not supported, try modprobe af_packet
> or recompile your kernel with SOCK_PACKET enabled.
> *BSD: If you are getting device not configured, you need to recompile your
> kernel with Berkeley Packet Filter support. If you are getting No such file
> or directory, try creating the device (eg cd /dev; MAKEDEV <device>; or use
> mknod).
> SOLARIS: If you are trying to scan localhost and getting '/dev/lo0: No such
> file or directory', complain to Sun. I don't think Solaris can support
> advanced localhost scans. You can probably use "-P0 -sT localhost" though.
>
> but if i throw options in like -P0 -sT it works go figure.
> any ideas would be greatly appreciated.
>
> Nathan
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
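
The triage suggested in the reply above (does the unexpected port change between scans, and which process does sockstat show on it) can be scripted. This is an added example, not part of either poster's message; the function names are hypothetical and the scan and sockstat lines are constructed sample data, not output from the host in the thread.

```shell
#!/bin/sh
# Added example. Every scan and sockstat line below is constructed sample data.

# Read nmap text output on stdin, print the open TCP port numbers, sorted.
open_ports() {
    awk '$2 == "open" && $1 ~ /^[0-9]+\/tcp$/ { split($1, a, "/"); print a[1] }' |
        sort -n
}

# $1 = port list from the earlier scan, $2 = port list from the later scan.
# Prints "+PORT" for a port that appeared and "-PORT" for one that went away.
changed_ports() {
    for p in $2; do echo "$1" | grep -qx "$p" || echo "+$p"; done
    for p in $1; do echo "$2" | grep -qx "$p" || echo "-$p"; done
}

# Read sockstat output on stdin, print "USER COMMAND PID" for TCP port $1.
owner_of_port() {
    awk -v port="$1" '$5 ~ /^tcp/ { n = split($6, a, ":")
                                    if (a[n] == port) print $1, $2, $3 }'
}

SCAN1='Port       State       Service
21/tcp     open        ftp
22/tcp     open        ssh
1492/tcp   open        stone-design-1
3306/tcp   open        mysql'

SCAN2='Port       State       Service
21/tcp     open        ftp
22/tcp     open        ssh
1503/tcp   open        unknown
3306/tcp   open        mysql'

SOCKSTAT='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS    FOREIGN ADDRESS
root     sshd       201   3  tcp4   *:22             *:*
mysql    mysqld     340   5  tcp4   *:3306           *:*
alice    ftp        977   4  tcp4   *:1503           *:*'

first=$(printf '%s\n' "$SCAN1" | open_ports)
second=$(printf '%s\n' "$SCAN2" | open_ports)
for c in $(changed_ports "$first" "$second"); do
    echo "changed between scans: $c"
    printf '%s\n' "$SOCKSTAT" | owner_of_port "${c#?}"   # strip the +/- sign
done
```

On a live host, feed `open_ports` saved nmap output from each scan and feed `owner_of_port` the output of `sockstat -4 -l` captured at the time of the later scan.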