Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Not Reporting Ports

from [Karl Tatgenhorst] Network Security [Permanent Link]
Subject: Re: Not Reporting Ports
Date: Wed, 17 May 2006 14:48:40 -0500 


That scan looks a lot like an nmap scan run with the P0 option. The P
zero option tells nmap "don't worry about a response, assume the host is
up" This causes nmap to tell you that all the ports you specified are
filtered, because nmap gets no response and yet believes the host up.
Try preceding your nmap scans with an arp-ping to determine if the host
is truly up or not.

Karl

On Wed, 2006-05-17 at 15:39 -0400, sanjeev sinha wrote:

Is there a firewall in between?  What does the nessus log file
suggests?  What are the various tcp states on the host being scanned
while this is going on?
 
Sanjeev
 
All work and no play makes Jack a dull boy --- Jack Torrance, The
Shining
        ----- Original Message ----- 
        From: Ray DuBose 
        To: nessus@list.nessus.org 
        Sent: Wednesday, May 17, 2006 2:43 PM
        Subject: Not Reporting Ports
        
        
        
        Hey,
        
         
        
         Fairly new to nessus so be kind.  I have 2 IPâs that Iâve
        been asked to scan.  When I run NMAP against them using âsS I
        get several filtered ports:
        
         
        
        (The 56612 ports scanned but not shown below are in state:
        closed)
        
        PORT      STATE    SERVICE
        
        21/tcp    filtered ftp
        
        22/tcp    filtered ssh
        
        23/tcp    filtered telnet
        
        80/tcp    filtered http
        
        137/tcp   filtered netbios-ns
        
        161/tcp   filtered snmp
        
        162/tcp   filtered snmptrap
        
        443/tcp   filtered https
        
        491/tcp   filtered go-login
        
        554/tcp   filtered rtsp
        
        3389/tcp  filtered ms-term-serv
        
        4441/tcp  filtered unknown
        
        4444/tcp  filtered krb524
        
        5350/tcp  filtered unknown
        
        7070/tcp  filtered realserver
        
        8000/tcp  filtered http-alt
        
        8080/tcp  filtered http-proxy
        
        8087/tcp  filtered unknown
        
        8380/tcp  filtered unknown
        
        8480/tcp  filtered unknown
        
        10000/tcp filtered snet-sensor-mgmt
        
        10130/tcp filtered unknown
        
        11889/tcp filtered unknown
        
         
        
        But when I run a Nessus Scan against the same host I get
        nothing back other than a genera/tcp
        
        Information about this scan : 
        
         
        
        Nessus version : 3.0.2
        
        Plugin feed version : 200603211235
        
        Type of plugin feed : Release
        
        Scanner IP : 10.1.11.113
        
        Port scanner(s) : synscan 
        
        Port range : 1-65535
        
        Thorough tests : no
        
        Experimental tests : no
        
        Paranoia level : 1
        
        Report Verbosity : 1
        
        Safe checks : yes
        
        Max hosts : 16
        
        Max checks : 10
        
        Scan Start Date : 2006/5/17 13:15
        
        Scan duration : 285 sec
        
         
        
        And general/UDP that just shows a traceroute to the host. Iâm
        running Nessus on Fedora Core 5 and this is the latest version
        of Nessus as I just built it today.  Iâve tried all the port
        scanners that are listed as well as both the Linux Client and
        the Windows Client. The NMAP was run from the same Nessus
        Server.  Am I doing something wrong?
        
         
        
        Ray
        
         
        
        
        
        ______________________________________________________________
        
        _______________________________________________
        Nessus mailing list
        Nessus@list.nessus.org
        http://mail.nessus.org/mailman/listinfo/nessus
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus


_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Not Reporting Ports, sanjeev sinha
Next by Date:  Re: Not Reporting Ports, Ferdy Riphagen
Previous by Thread:  Re: Not Reporting Ports, sanjeev sinha
Next by Thread:  Re: Not Reporting Ports, Ferdy Riphagen
Indexes:  [Date] [Thread] [Top] [All Lists]