From: Kenzo (kenzo_chin_at_hotmail.com)
Date: Mon Jan 27 2003 - 12:34:19 CST

    This is what I got when I ran nmap against my server from inside my network.
    Everything looks good from the outside.
    I'm curious as to why, when I have portsentry turned on, I see all these ports,
    and when I don't, I only see the ones I'm running.

    --WITH PORTSENTRY ON

    BSDtest# nmap -v -O 10.25.x.x
    Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
    No tcp,udp, or ICMP scantype specified, assuming SYN Stealth scan. Use -sP
    if you really don't want to portscan (and just want to see what hosts are
    up).
    Host mydomain(10.25.x.x) appears to be up ... good.
    Initiating SYN Stealth Scan against mydomain(10.25.x.x)
    Adding open port 15/tcp
    Adding open port 1524/tcp
    Adding open port 54320/tcp
    Adding open port 22/tcp
    Adding open port 32774/tcp
    Adding open port 540/tcp
    Adding open port 6667/tcp
    Adding open port 1/tcp
    Adding open port 32773/tcp
    Adding open port 12346/tcp
    Adding open port 32771/tcp
    Adding open port 27665/tcp
    Adding open port 11/tcp
    Adding open port 143/tcp
    Adding open port 12345/tcp
    Adding open port 1080/tcp
    Adding open port 79/tcp
    Adding open port 111/tcp
    Adding open port 2000/tcp
    Adding open port 25/tcp
    Adding open port 31337/tcp
    Adding open port 635/tcp
    Adding open port 80/tcp
    Adding open port 32772/tcp
    Adding open port 119/tcp
    The SYN Stealth Scan took 8 seconds to scan 1601 ports.
    For OSScan assuming that port 1 is open and port 2 is closed and neither are
    firewalled
    For OSScan assuming that port 1 is open and port 2 is closed and neither are
    firewalled
    For OSScan assuming that port 1 is open and port 2 is closed and neither are
    firewalled
    Interesting ports on mydomain(10.25.x.x):
    (The 1576 ports scanned but not shown below are in state: closed)
    Port State Service
    1/tcp open tcpmux
    11/tcp open systat
    15/tcp open netstat
    22/tcp open ssh
    25/tcp open smtp
    79/tcp open finger
    80/tcp open http
    111/tcp open sunrpc
    119/tcp open nntp
    143/tcp open imap2
    540/tcp open uucp
    635/tcp open unknown
    1080/tcp open socks
    1524/tcp open ingreslock
    2000/tcp open callbook
    6667/tcp open irc
    12345/tcp open NetBus
    12346/tcp open NetBus
    27665/tcp open Trinoo_Master
    31337/tcp open Elite
    32771/tcp open sometimes-rpc5
    32772/tcp open sometimes-rpc7
    32773/tcp open sometimes-rpc9
    32774/tcp open sometimes-rpc11
    54320/tcp open bo2k
    No exact OS matches for host (If you know what OS is running on it, see
    http://www.insecure.org/cgi-bin/nmap-submit.cgi).
    TCP/IP fingerprint:
    SInfo(V=3.00%P=i386-portbld-freebsd4.7%D=1/27%Time=3E357695%O=1%C=2)
    TSeq(Class=TR%IPID=I%TS=100HZ)
    T1(Resp=Y%DF=Y%W=E000%ACK=S++%Flags=AS%Ops=MNWNNT)
    T2(Resp=N)
    T3(Resp=Y%DF=Y%W=E000%ACK=S++%Flags=AS%Ops=MNWNNT)
    T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
    T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
    T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
    T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
    PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E)

    Uptime 0.168 days (since Mon Jan 27 08:11:17 2003)
    TCP Sequence Prediction: Class=truly random
                             Difficulty=9999999 (Good luck!)
    IPID Sequence Generation: Incremental

    Nmap run completed -- 1 IP address (1 host up) scanned in 31 seconds

    --WITHOUT PORTSENTRY

    BSDtest# nmap -v -O 10.25.x.x

    Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
    No tcp,udp, or ICMP scantype specified, assuming SYN Stealth scan. Use -sP
    if you really don't want to portscan (and just want to see what hosts are
    up).
    Host mydomain(10.25.x.x) appears to be up ... good.
    Initiating SYN Stealth Scan against mydomain(10.25.x.x)
    Adding open port 25/tcp
    Adding open port 22/tcp
    Adding open port 80/tcp
    The SYN Stealth Scan took 7 seconds to scan 1601 ports.
    For OSScan assuming that port 22 is open and port 1 is closed and neither
    are firewalled
    For OSScan assuming that port 22 is open and port 1 is closed and neither
    are firewalled
    For OSScan assuming that port 22 is open and port 1 is closed and neither
    are firewalled
    Interesting ports on mydomain(10.25.x.x):
    (The 1598 ports scanned but not shown below are in state: closed)
    Port State Service
    22/tcp open ssh
    25/tcp open smtp
    80/tcp open http
    No exact OS matches for host (If you know what OS is running on it, see
    http://www.insecure.org/cgi-bin/nmap-submit.cgi).
    TCP/IP fingerprint:
    SInfo(V=3.00%P=i386-portbld-freebsd4.7%D=1/27%Time=3E357B34%O=22%C=1)
    TSeq(Class=TR%IPID=I%TS=100HZ)
    T1(Resp=Y%DF=Y%W=E000%ACK=S++%Flags=AS%Ops=MNWNNT)
    T2(Resp=N)
    T3(Resp=Y%DF=Y%W=E000%ACK=S++%Flags=AS%Ops=MNWNNT)
    T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
    T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
    T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
    T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
    PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E)

    Uptime 0.181 days (since Mon Jan 27 08:11:17 2003)
    TCP Sequence Prediction: Class=truly random
                             Difficulty=9999999 (Good luck!)
    IPID Sequence Generation: Incremental

    Nmap run completed -- 1 IP address (1 host up) scanned in 34 seconds

    I thought that portsentry was supposed to monitor the ports, but I didn't
    know that it would add all these ports as being open.
    Will it still be OK to run portsentry, or is there a better program to use to
    monitor ports for portscans and probes?

    thanks.
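
An added example, not part of the original post: one way to account for the difference between the two scans by sorting every port that is open with PortSentry running into real service, PortSentry listener, or unexplained. It assumes PortSentry is in its port-binding TCP mode, where it listens on each port named on the `TCP_PORTS` line of `portsentry.conf`; the function names, the abbreviated scan text and the config fragment are constructed for illustration.

```python
import re

# Constructed sample inputs, abbreviated from the two scans in the post.
SCAN_WITH = """\
Port State Service
1/tcp open tcpmux
22/tcp open ssh
25/tcp open smtp
80/tcp open http
111/tcp open sunrpc
31337/tcp open Elite
54320/tcp open bo2k
"""
SCAN_WITHOUT = """\
Port State Service
22/tcp open ssh
25/tcp open smtp
80/tcp open http
"""
# Constructed portsentry.conf fragment; the commented-out line must be ignored.
CONF = '#TCP_PORTS="1,7,9"\nTCP_PORTS="1,11,15,79,111,119,143,31337,54320"\n'

# Matches table rows such as "22/tcp open ssh", not "Adding open port 22/tcp".
PORT_LINE = re.compile(r"^\s*(\d+)/tcp\s+open\s+(\S+)", re.M)

def open_tcp_ports(nmap_text):
    """Return {port: service} for every open TCP row in nmap's port table."""
    return {int(p): s for p, s in PORT_LINE.findall(nmap_text)}

def decoy_ports(conf_text):
    """Return the set of ports on the active (uncommented) TCP_PORTS line."""
    m = re.search(r'^\s*TCP_PORTS\s*=\s*"([^"]*)"', conf_text, re.M)
    return {int(p) for p in m.group(1).split(",") if p.strip().isdigit()} if m else set()

def classify(scan_on, scan_off, conf_text):
    """Group ports open with PortSentry running: service, decoy or unexplained."""
    on, off = open_tcp_ports(scan_on), open_tcp_ports(scan_off)
    decoys = decoy_ports(conf_text)
    result = {"service": [], "decoy": [], "unexplained": []}
    for port in sorted(on):
        key = "service" if port in off else "decoy" if port in decoys else "unexplained"
        result[key].append(port)
    return result

if __name__ == "__main__":
    for group, ports in classify(SCAN_WITH, SCAN_WITHOUT, CONF).items():
        print(f"{group:12} {ports}")
```

Any port that lands in the unexplained group is open without being either a baseline service or a configured PortSentry listener, and is the one worth investigating.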
