[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <8ebbd7f50709202324i59f2e320i1e49ce0e8ae9ebe@mail.gmail.com>
Date: Fri, 21 Sep 2007 08:24:14 +0200
From: "Jeffrey Denton" <dentonj@...il.com>
To: scott <redhowlingwolves@...lsouth.net>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Very strange nmap scan results
Use the -sV --version-all options to determine version/service info
for each port.
On 9/21/07, scott <redhowlingwolves@...lsouth.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Did this particular person,or persons know what you were going to do?
>
> Looks like a honeypot,to me.
>
> Been wrong before,won't be the last.I hope,for the sake of whomever
> you are auditing,that this is the case.
>
> Cheers, Redwolfs always
>
>
> Juan B wrote:
> > Hi all,
> >
> > For a client in scaning his Dmz from the internet.
> >
> > I know the servers are behind a pix 515 without any add security
> > features ( they dont have any ips or the didnt enabled the ips
> > feature of the pix).
> >
> > the strange is that two I receive too many open ports! for example
> > I scan the mail relay and although just port 25 is open it report
> > lots of more open ports! this is the nmap scan I issued:
> >
> > nmap -sT -vv -P0 -O -p1-1024 200.61.44.48/28 -oA cpsa.txt
> >
> > ( I changed the ip's here...)
> >
> > and the result for the mail relay for example are:
> >
> >
> > nteresting ports on mail.cpsa.com (200.61.44.50): PORT STATE
> > SERVICE 1/tcp open tcpmux 2/tcp open compressnet
> > 3/tcp open compressnet 4/tcp open unknown 5/tcp
> > open rje 6/tcp open unknown 7/tcp open echo 8/tcp
> > filtered unknown 9/tcp open discard 10/tcp open
> > unknown 11/tcp open systat 12/tcp open unknown 13/tcp
> > open daytime 14/tcp open unknown 15/tcp open
> > netstat 16/tcp open unknown 17/tcp open qotd 18/tcp
> > filtered msp 19/tcp open chargen 20/tcp open ftp-data
> > 21/tcp open ftp 22/tcp open ssh 23/tcp open
> > telnet 24/tcp open priv-mail 25/tcp open smtp 26/tcp
> > open unknown 27/tcp open nsw-fe 28/tcp open unknown
> > 29/tcp open msg-icp 30/tcp open unknown 31/tcp open
> > msg-auth 32/tcp open unknown 33/tcp open dsp 34/tcp
> > open unknown
> >
> > this continues up to port 1024..
> >
> > any ideas how to eliminate so many false positives?
> >
> > thanks a lot,
> >
> > Juan
> >
> >
> >
> > ____________________________________________________________________________________
> > Catch up on fall's hot new shows on Yahoo! TV. Watch previews, get
> > listings, and more! http://tv.yahoo.com/collections/3658
> >
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFG81G8srt057ENXO4RAkAoAJ9QAmp65M7nICyOvK0IBDb5ZGgdvwCg2iqL
> 0AffiGeALD+T9XlXXblycek=
> =Drx9
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists