Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Why i'm i getting unused IPs in reports as if they had portsopen..

from [Todd Adamson] Network Security [Permanent Link]
Subject: RE: Why i'm i getting unused IPs in reports as if they had portsopen..
Date: Wed, 15 Jun 2005 14:30:45 -0500 
Do you have an anti-virus software installed on this machine?
It could be set to scan outbound email and ftp connections, thus
acting as a proxy.

Todd Adamson
tadamson@routers.com



-----Original Message-----
From: nessus-bounces@list.nessus.org
[mailto:nessus-bounces@list.nessus.org]On Behalf Of Michel Arboi
Sent: Wednesday, June 15, 2005 1:33 PM
To: Richie @ Firstpoint
Cc: nessus@list.nessus.org
Subject: Re: Why i'm i getting unused IPs in reports as if they had
portsopen..


On Wed Jun 15 2005 at 21:12, Richie @ Firstpoint wrote:


There is no IPS in the network.


Nothing like Labrea?


The "ports" being returned for all unused IPs in the network are 21
and 25. 


This is very strange. The ports are declared "open". This means that
something answered with SYNACK to SYN packets.
What happens if you telnet to those fake IPs / ports?


nothing in the network with the reported IP (checked via 

PING and port scan

with a port scanner such as SuperScan)


If you have Nmap installed (*), could you try:
nmap -P0 -p 21,25 -sS 192.168.0.0/24

I *insist* on the -P0 option. Or you can use -PS21,25

(*) And if you don't have nmap, it can be downloaded from
http://download.insecure.org/nmap/dist/nmap-3.81-win32.zip
You'll need WinPcap from http://winpcap.polito.it/ if you don't
already have it.
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus



_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Why i'm i getting unused IPs in reports as if they had ports open.., Michel Arboi
Next by Date:  RE: Why i'm i getting unused IPs in reports as if they had portsopen.., Richie @ Firstpoint
Previous by Thread:  Re: Why i'm i getting unused IPs in reports as if they had ports open.., Michel Arboi
Next by Thread:  RE: Why i'm i getting unused IPs in reports as if they had portsopen.., Richie @ Firstpoint
Indexes:  [Date] [Thread] [Top] [All Lists]