
Inconsistent port scans

Subject: Inconsistent port scans
Date: Wed, 24 Aug 2005 14:42:45 +0100
Hi Guys

I'm having trouble verifying my port scans, I am getting very different
results...

Running a nessus scan on a machine, I get 4 open ports, 445, 139, 427, 135

Running LANguard I get 7 TCP (21, 25, 110, 135, 427, 445) and 3 UDP (137,
138, 445)

I have used all scanners, with the same results. Then I tried using each
scanner individually to verify these results. I am using the correct SMB
credentials, UDP and TCP scanning enabled, nessus scan results below. I have
also copied the console output from an nmap scan at the bottom of the mail.

I can confirm that ports 110 and 21, 25 are open as I can telnet/FTP them.

Can't see why these open ports are not being picked up.

 

Results on using the nessus TCP scanner

NESSUS SECURITY SCAN REPORT

Created 24.08.2005            Sorted by host names

Session Name : testportscan
Start Time   : 24.08.2005 14:36:25
Finish Time  : 24.08.2005 14:36:32
Elapsed Time : 0 day(s) 00:00:07

Plugins used in this scan:

  Id    Name
----------------------------------------------------------------------------
  10180 Ping the remote host
  10335 Nessus TCP scanner

Preferences settings for this scan:

  max_hosts                                = 16
  max_checks                               = 10
  log_whole_attack                         = yes
  cgi_path                                 = /cgi-bin
  port_range                               = 1-1024
  optimize_test                            = no
  language                                 = english
  checks_read_timeout                      = 5
  non_simult_ports                         = 139, 445
  plugins_timeout                          = 320
  safe_checks                              = no
  auto_enable_dependencies                 = yes
  silent_dependencies                      = yes
  use_mac_addr                             = no
  save_knowledge_base                      = yes
  kb_restore                               = no
  only_test_hosts_whose_kb_we_dont_have    = no
  only_test_hosts_whose_kb_we_have         = no
  kb_dont_replay_scanners                  = no
  kb_dont_replay_info_gathering            = no
  kb_dont_replay_attacks                   = no
  kb_dont_replay_denials                   = no
  kb_max_age                               = 864000
  plugin_upload                            = no
  plugin_upload_suffixes                   = .nasl, .inc
  slice_network_addresses                  = no
  ntp_save_sessions                        = yes
  ntp_detached_sessions                    = yes
  server_info_nessusd_version              = 2.2.5
  server_info_libnasl_version              = 2.2.5

Total security holes found : 4
             high severity : 0
             Medium severity : 0
             informational : 4

Host: 163.119.128.180

Open ports:

   netbios-ssn (139/tcp)
   svrloc (427/tcp)
   microsoft-ds (445/tcp)
   unknown (135/tcp)

[root@morpheus sbin]# nmap -P0 -sS 163.119.128.180 -p 1-1024 -vv

Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-08-22 14:28 BST
Initiating SYN Stealth Scan against 163.119.128.180 [1024 ports] at 14:28
Discovered open port 139/tcp on 163.119.128.180
Discovered open port 135/tcp on 163.119.128.180
Discovered open port 445/tcp on 163.119.128.180
Discovered open port 427/tcp on 163.119.128.180
The SYN Stealth Scan took 0.05s to scan 1024 total ports.
Host 163.119.128.180 appears to be up ... good.
Interesting ports on 163.119.128.180:
(The 1020 ports scanned but not shown below are in state: closed)
PORT    STATE SERVICE
135/tcp open  msrpc
139/tcp open  netbios-ssn
427/tcp open  svrloc
445/tcp open  microsoft-ds

Nmap finished: 1 IP address (1 host up) scanned in 0.072 seconds
               Raw packets sent: 1024 (41KB) | Rcvd: 1024 (47.1KB)

Network Project Engineer,
Information Systems Division
London Business School, Sussex Place, Regents Park, London. NW1 4SA
t: +44 (0)20 7000 7772 direct
+44 (0)20 7262 5050 general
fax: +44 (0)20 7000 7771 direct
+44 (0)20 7724 7875 general
e: mailto:mmacleod@london.edu      http://www.london.edu/technology/



_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
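
One way to reconcile the result sets described in the message above, as an added example that is not part of the original post: it parses the nmap and Nessus output formats quoted there and reports which ports each scanner did not list. The sample inputs are constructed by condensing the quoted output and port lists, and all function names are hypothetical.

```python
import re

# Constructed sample input, condensed from the scanner output quoted in the post.
NMAP_OUTPUT = """PORT    STATE SERVICE
135/tcp open  msrpc
139/tcp open  netbios-ssn
427/tcp open  svrloc
445/tcp open  microsoft-ds
"""
NESSUS_REPORT = """Open ports:
   netbios-ssn (139/tcp)
   svrloc (427/tcp)
   microsoft-ds (445/tcp)
   unknown (135/tcp)
"""
# TCP ports as listed for LANguard in the post, and those confirmed via telnet/FTP.
LANGUARD_TCP = {21, 25, 110, 135, 427, 445}
CONFIRMED_OPEN = {21, 25, 110}

def parse_nmap(text, proto="tcp"):
    """Ports marked 'open' in an nmap PORT/STATE/SERVICE table."""
    rows = re.findall(r"^(\d+)/(\w+)[ \t]+open\b", text, re.M)
    return {int(port) for port, p in rows if p == proto}

def parse_nessus(text, proto="tcp"):
    """Ports from the 'service (port/proto)' lines of a Nessus text report."""
    rows = re.findall(r"^[ \t]*\S+ \((\d+)/(\w+)\)[ \t]*$", text, re.M)
    return {int(port) for port, p in rows if p == proto}

def disagreements(results):
    """Map each port not reported by every scanner to the scanners that missed it."""
    every_port = set().union(*results.values())
    missed = {port: sorted(s for s, found in results.items() if port not in found)
              for port in sorted(every_port)}
    return {port: scanners for port, scanners in missed.items() if scanners}

def false_negatives(results, confirmed):
    """Per scanner, the independently confirmed open ports it failed to report."""
    return {s: sorted(confirmed - found) for s, found in results.items()}

def scan_results():
    return {"nmap": parse_nmap(NMAP_OUTPUT),
            "nessus": parse_nessus(NESSUS_REPORT),
            "languard": set(LANGUARD_TCP)}

if __name__ == "__main__":
    results = scan_results()
    for port, scanners in disagreements(results).items():
        print(f"{port}/tcp not reported by: {', '.join(scanners)}")
    for scanner, ports in false_negatives(results, CONFIRMED_OPEN).items():
        print(f"{scanner} missed confirmed-open ports: {ports}")
```

Ports that a manual connection confirms but a scanner omits are the ones worth chasing first, since they point at a scan-path or filtering difference rather than a service that is really closed.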