RE: Why i'm i getting unused IPs in reports as if they had ports open..

No IPS.  Just a clean Windows XP with SP1 (no SP2).  No Labrea

I'll start by turning off Norton Antivirus.  Then will try your nmap -P0 -p
21,25 -sS 192.168.0.0/24 suggestion

BTW, I can't get it whi people say that LaBrea stands for "tarpit".  In
spanish "La Brea" means "The Tar" or "The Asphalt"; where does the "pit" or
"pond" thing comes from I have no idea.

Richie



> -----Original Message-----
> From: Michel Arboi [mailto:mikhail@nessus.org]
> Sent: Wednesday, June 15, 2005 1:33 PM
> To: Richie @ Firstpoint
> Cc: nessus@list.nessus.org
> Subject: Re: Why i'm i getting unused IPs in reports as if they had
> ports open..
>
>
> On Wed Jun 15 2005 at 21:12, Richie @ Firstpoint wrote:
>
> > There is no IPS in the network.
>
> Nothing like Labrea?
>
> > The "ports" being returned for all unused IPs in the network are 21
> > and 25.
>
> This is very strange. The ports are declared "open". This means that
> something answered with SYNACK to SYN packets.
> What happens if you telnet to those fake IPs / ports?
>
> > nothing in the network with the reported IP (checked via PING
> and port scan
> > with a port scanner such as SuperScan)
>
> If you have Nmap installed (*), could you try:
> nmap -P0 -p 21,25 -sS 192.168.0.0/24
>
> I *insist* on the -P0 option. Or you can use -PS21,25
>
> (*) And if you don't have nmap, it can be downloaded from
> http://download.insecure.org/nmap/dist/nmap-3.81-win32.zip
> You'll need WinPcap from http://winpcap.polito.it/ if you don't
> already have it.


_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus