Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Very strange nmap scan results

from [Rodrigo Dutra Salvalagio] Network Security [Permanent Link]
Subject: RE: Very strange nmap scan results
Date: Mon, 24 Sep 2007 14:57:36 -0300 
Hello Juan,
This Pix will do that...
You can reduce this false positive using -sV, this tell nmap to get
Version number, from running services.

Regards,
Salvalagio
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Juan B
Sent: sexta-feira, 21 de setembro de 2007 12:17
To: pen-test@securityfocus.com
Subject: Very strange nmap scan results



Hi all,

For a client in scaning his Dmz from the internet.

I know the servers are behind a pix 515 without any
add security features ( they dont have any ips or
the
didnt enabled the ips feature of the pix). they also

dont have any honeypot etc..


the strange is that two I receive too many open
ports!
for example I scan the mail relay and although just
port 25 is open it report lots of more open ports!
this is the nmap scan I issued:

nmap -sT -vv -P0 -O -p1-1024 200.61.44.48/28 -oA
cpsa.txt   

( I changed the ip's here...)

and the result for the mail relay for example are:


nteresting ports on mail.cpsa.com (200.61.44.50):
PORT     STATE    SERVICE
1/tcp    open     tcpmux
2/tcp    open     compressnet
3/tcp    open     compressnet
4/tcp    open     unknown
5/tcp    open     rje
6/tcp    open     unknown
7/tcp    open     echo
8/tcp    filtered unknown
9/tcp    open     discard
10/tcp   open     unknown
11/tcp   open     systat
12/tcp   open     unknown
13/tcp   open     daytime
14/tcp   open     unknown
15/tcp   open     netstat
16/tcp   open     unknown
17/tcp   open     qotd
18/tcp   filtered msp
19/tcp   open     chargen
20/tcp   open     ftp-data
21/tcp   open     ftp
22/tcp   open     ssh
23/tcp   open     telnet
24/tcp   open     priv-mail
25/tcp   open     smtp
26/tcp   open     unknown
27/tcp   open     nsw-fe
28/tcp   open     unknown
29/tcp   open     msg-icp
30/tcp   open     unknown
31/tcp   open     msg-auth
32/tcp   open     unknown
33/tcp   open     dsp
34/tcp   open     unknown

this continues up to port 1024..

any ideas how to eliminate so many false positives?

thanks a lot,

Juan
                              


     


________________________________________________________________________
____________

Catch up on fall's hot new shows on Yahoo! TV. Watch
previews, get listings, and more!
http://tv.yahoo.com/collections/3658 





 
________________________________________________________________________
____________
Don't let your dream ride pass you by. Make it a reality with Yahoo!
Autos.
http://autos.yahoo.com/index.html
 



------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Very strange nmap scan results, Adrian Sanabria
Next by Date:  Re: Buffer Overflow Experiment, Amit Bagree
Previous by Thread:  RE: Very strange nmap scan results, Mohr, James
Next by Thread:  Re: Very strange nmap scan results, jason_jones98
Indexes:  [Date] [Thread] [Top] [All Lists]