Date: Fri, 21 Sep 2007 08:24:14 +0200
From: "Jeffrey Denton" <dentonj@...il.com>
To: scott <redhowlingwolves@...lsouth.net>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Very strange nmap scan results

Use the -sV --version-all options to determine version/service info
for each port.

On 9/21/07, scott <redhowlingwolves@...lsouth.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Did this particular person, or persons, know what you were going to do?
>
> Looks like a honeypot, to me.
>
> Been wrong before, won't be the last. I hope, for the sake of whomever
> you are auditing, that this is the case.
>
> Cheers,  Redwolfs always
>
>
> Juan B wrote:
> > Hi all,
> >
> > For a client, I'm scanning his DMZ from the internet.
> >
> > I know the servers are behind a PIX 515 without any add security
> > features (they don't have any IPS, or they didn't enable the IPS
> > feature of the PIX).
> >
> > The strange thing is that I receive too many open ports! For example,
> > I scan the mail relay and although just port 25 is open it reports
> > lots more open ports! This is the nmap scan I issued:
> >
> > nmap -sT -vv -P0 -O -p1-1024 200.61.44.48/28 -oA cpsa.txt
> >
> > (I changed the IPs here...)
> >
> > and the result for the mail relay for example are:
> >
> >
> > Interesting ports on mail.cpsa.com (200.61.44.50):
> > PORT     STATE    SERVICE
> > 1/tcp    open     tcpmux
> > 2/tcp    open     compressnet
> > 3/tcp    open     compressnet
> > 4/tcp    open     unknown
> > 5/tcp    open     rje
> > 6/tcp    open     unknown
> > 7/tcp    open     echo
> > 8/tcp    filtered unknown
> > 9/tcp    open     discard
> > 10/tcp   open     unknown
> > 11/tcp   open     systat
> > 12/tcp   open     unknown
> > 13/tcp   open     daytime
> > 14/tcp   open     unknown
> > 15/tcp   open     netstat
> > 16/tcp   open     unknown
> > 17/tcp   open     qotd
> > 18/tcp   filtered msp
> > 19/tcp   open     chargen
> > 20/tcp   open     ftp-data
> > 21/tcp   open     ftp
> > 22/tcp   open     ssh
> > 23/tcp   open     telnet
> > 24/tcp   open     priv-mail
> > 25/tcp   open     smtp
> > 26/tcp   open     unknown
> > 27/tcp   open     nsw-fe
> > 28/tcp   open     unknown
> > 29/tcp   open     msg-icp
> > 30/tcp   open     unknown
> > 31/tcp   open     msg-auth
> > 32/tcp   open     unknown
> > 33/tcp   open     dsp
> > 34/tcp   open     unknown
> >
> > this continues up to port 1024..
> >
> > any ideas how to eliminate so many false positives?
> >
> > thanks a lot,
> >
> > Juan
> >
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFG81G8srt057ENXO4RAkAoAJ9QAmp65M7nICyOvK0IBDb5ZGgdvwCg2iqL
> 0AffiGeALD+T9XlXXblycek=
> =Drx9
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

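
Added example, not part of the original thread: a triage script that reads nmap normal output like the listing quoted above and flags hosts reporting an implausible share of the scanned ports as open, so they can be re-checked with the `-sV --version-all` options suggested in the reply. The host names, addresses, the `scanned` parameter (size of the `-p` range) and the 0.5 threshold are assumptions made for this illustration.

```python
import re

# Host header: "Interesting ports on ..." (older nmap, as in the post) or
# "Nmap scan report for ..." (current nmap).
HOST_RE = re.compile(r"^(?:Interesting ports on|Nmap scan report for) (.+?):?$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(open|closed|filtered)\s+(\S+)")


def build_sample():
    """Constructed scan output (documentation addresses, made-up hosts)."""
    lines = ["Interesting ports on relay.example.test (192.0.2.50):",
             "PORT     STATE    SERVICE"]
    for port in range(1, 35):
        state = "filtered" if port in (8, 18) else "open"
        lines.append(f"{port}/tcp".ljust(9) + state.ljust(9) + "unknown")
    lines += ["", "Interesting ports on web.example.test (192.0.2.51):",
              "PORT     STATE    SERVICE",
              "80/tcp   open     http",
              "443/tcp  open     https"]
    return "\n".join(lines)


def parse_open_ports(text):
    """Return {host: [open port numbers]} from nmap normal output."""
    hosts, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HOST_RE.match(line)
        if m:
            current = m.group(1)
            hosts.setdefault(current, [])
            continue
        m = PORT_RE.match(line)
        if m and current is not None and m.group(3) == "open":
            hosts[current].append(int(m.group(1)))
    return hosts


def suspicious_hosts(text, scanned, threshold=0.5):
    """Hosts reporting more than `threshold` of the scanned ports as open."""
    return sorted(h for h, ports in parse_open_ports(text).items()
                  if len(ports) / scanned > threshold)


if __name__ == "__main__":
    for host in suspicious_hosts(build_sample(), scanned=34):
        print(f"{host}: implausible open-port ratio, re-check with -sV --version-all")
```
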
