[Courses] [Security] nmap scan results

Raven, corporate courtesan raven at oneeyedcrow.net
Fri Mar 15 19:20:59 EST 2002


Heya --

Quoth Hamster (Thu, Mar 14, 2002 at 05:02:16PM +0100):
> I have been doing some nmapping today (lots of fun) and thought I'd share the results. They're not all that interesting, but there might be something to discuss!

	Heh.  Wait until we get into the millions of other sorts of
scans that Nmap can do.  (That's one of the reasons we've been getting
into TCP vs. UDP vs. ICMP -- there are lots of different sorts of scans
that you can do, and lots of different vulnerabilities to look for.)
 
> The first result listed here is the external NIC of my gateway machine.
> It's running RedHat 7.1. I didn't anonymise the IP address 'cause it's dynamic anyway. If not doing so is some breach of etiquette, then let me know for next time!

	If it's your own personal machine, belonging to you,
administered by you, then I don't think you have to worry.  If you
posted "Haha, bet you can't hack this IP!" then your ISP might complain
about the flood of traffic, but something like this is probably fine.

	If, on the other hand, you posted the IP of a machine that was
at your job or that you admin'd but belonged to someone else, that might
be trouble.  I have had a couple of people send me their nmaps,
netstats, and server configurations offlist, asking me not to publicize
their IPs, for precisely this sort of reason.

> [root at HP233 /root]# nmap -sTU -v -p  1-65535 62.163.180.22
> 
> Starting nmap V. 2.53 by fyodor at insecure.org ( www.insecure.org/nmap/ )
> Host a180022.upc-a.chello.nl (62.163.180.22) appears to be up ... good.
> Initiating TCP connect() scan against a180022.upc-a.chello.nl (62.163.180.22)
> The TCP connect scan took 34 seconds to scan 65535 ports.
> Initiating FIN,NULL, UDP, or Xmas stealth scan against a180022.upc-a.chello.nl (62.163.180.22)
> The UDP or stealth FIN/NULL/XMAS scan took 465 seconds to scan 65535 ports.
> Interesting ports on a180022.upc-a.chello.nl (62.163.180.22):
> (The 131068 ports scanned but not shown below are in state: closed)
> Port       State       Service
> 137/udp    open        netbios-ns
> 138/udp    open        netbios-dgm
> 
> Nmap run completed -- 1 IP address (1 host up) scanned in 500 seconds
> 
> I'll have to investigate my samba settings to try to close that udp. I got the tcp shut ok...

	No ssh server listening externally, even?  Bold woman.  (And
good for you.)  I generally have an ssh server on most of my boxes so
that I can access them remotely if I need to, but some of my firewalls
and my home workstation don't have one.  

> This second scan is the private nic of the same gateway box.
> 
> [root at HP233 /root]# nmap -sTU -v -p  1-65535 192.168.100.1
> 
> Starting nmap V. 2.53 by fyodor at insecure.org ( www.insecure.org/nmap/ )
> Host  (192.168.100.1) appears to be up ... good.
> Initiating TCP connect() scan against  (192.168.100.1)
> Adding TCP port 139 (state open).
> Adding TCP port 22 (state open).
> The TCP connect scan took 34 seconds to scan 65535 ports.
> Initiating FIN,NULL, UDP, or Xmas stealth scan against  (192.168.100.1)
> The UDP or stealth FIN/NULL/XMAS scan took 466 seconds to scan 65535 ports.
> Interesting ports on  (192.168.100.1):
> (The 131066 ports scanned but not shown below are in state: closed)
> Port       State       Service
> 22/tcp     open        ssh
> 137/udp    open        netbios-ns
> 138/udp    open        netbios-dgm
> 139/tcp    open        netbios-ssn
> 
> Nmap run completed -- 1 IP address (1 host up) scanned in 501 seconds

	I am assuming that you want Samba to be listening on your
internal interface?
 
> [root at P3Linux root]# nmap -sTU -v -p 1-65535 192.168.100.100
> 
> Starting nmap V. 2.54BETA30 ( www.insecure.org/nmap/ )
> Host  (192.168.100.100) appears to be up ... good.
> Initiating Connect() Scan against  (192.168.100.100)
> Adding open port 6000/tcp
> Adding open port 139/tcp
> Adding open port 22/tcp
> Adding open port 901/tcp
> The Connect() Scan took 3 seconds to scan 65535 ports.
> Initiating UDP Scan against  (192.168.100.100)
> The UDP Scan took 58 seconds to scan 65535 ports.
> Adding open port 138/udp
> Adding open port 137/udp
> Interesting ports on  (192.168.100.100):
> (The 131064 ports scanned but not shown below are in state: closed)
> Port       State       Service
> 22/tcp     open        ssh
> 137/udp    open        netbios-ns
> 138/udp    open        netbios-dgm
> 139/tcp    open        netbios-ssn
> 901/tcp    open        samba-swat
> 6000/tcp   open        X11
> 
> Nmap run completed -- 1 IP address (1 host up) scanned in 62 seconds

	You might want to set X to not listen on port 6000, but if you
are using it as an X server for other machines besides itself then leave
it as is.

Looking good,
Raven
 
"Sed, sed, awk.  Like duck, duck, goose.  Sync, sync, halt.  It's the
 order of nature."
  -- me, after too long a day at work
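
The external-versus-internal comparison discussed in this thread, as an added example that is not part of the original messages: it parses the port tables quoted above (excerpted, mail quoting kept) and flags LAN-facing services that are also visible on the external address. The `LAN_ONLY` policy set and the function names are assumptions made for this example.

```python
import re

# Port tables excerpted from the nmap output quoted in the thread.
GATEWAY_EXTERNAL = """\
> Interesting ports on a180022.upc-a.chello.nl (62.163.180.22):
> (The 131068 ports scanned but not shown below are in state: closed)
> Port       State       Service
> 137/udp    open        netbios-ns
> 138/udp    open        netbios-dgm
"""
GATEWAY_INTERNAL = """\
> Interesting ports on  (192.168.100.1):
> Port       State       Service
> 22/tcp     open        ssh
> 137/udp    open        netbios-ns
> 138/udp    open        netbios-dgm
> 139/tcp    open        netbios-ssn
"""

# Assumed policy for this example: services meant to face the LAN only.
LAN_ONLY = {"netbios-ns", "netbios-dgm", "netbios-ssn", "samba-swat", "X11"}

PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)$")

def parse_ports(text):
    """Return {(port, proto): service} for every port nmap listed as open."""
    ports = {}
    for raw in text.splitlines():
        line = raw.lstrip("> \t").rstrip()   # drop the mail-quote prefix
        m = PORT_LINE.match(line)
        if m and m.group(3) == "open":       # skip filtered/closed rows
            ports[(int(m.group(1)), m.group(2))] = m.group(4)
    return ports

def compare_interfaces(external_text, internal_text):
    """Diff two views of one host and flag LAN-only services seen outside."""
    ext, inn = parse_ports(external_text), parse_ports(internal_text)
    return {
        "exposed_lan_only": sorted(k for k, svc in ext.items() if svc in LAN_ONLY),
        "internal_only": sorted(set(inn) - set(ext)),
        "external_only": sorted(set(ext) - set(inn)),
    }

if __name__ == "__main__":
    for name, ports in compare_interfaces(GATEWAY_EXTERNAL, GATEWAY_INTERNAL).items():
        print(name, ports)
```

Nmap reports a UDP port as open when no ICMP port-unreachable comes back, so the two flagged UDP rows are worth confirming on the host itself (for example with `netstat`) before changing the Samba configuration.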


