[Courses] [Security] safe use of nmap
jennyw
jennyw at dangerousideas.com
Fri Mar 15 19:50:49 EST 2002
From: "Raven, corporate courtesan" <raven at oneeyedcrow.net>
> I've had mixed results. Without a firewall, you *should* get an
> accurate scan, but you don't always. This seems to be more stable on
> modern Linuxes, but a few years ago it was a lot uglier.
Running nmap on localhost and running it on a different system produce
different results ... For the record, I'm using Debian Woody on both boxes
(upgraded from Potato in both cases). The host being scanned is running
ipchains (kernel 2.2.17).
Scanned from localhost:
Starting nmap V. 2.54BETA30 ( www.insecure.org/nmap/ )
Interesting ports on localhost (127.0.0.1):
(The 1534 ports scanned but not shown below are in state: closed)
Port State Service
9/tcp open discard
13/tcp open daytime
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
37/tcp open time
53/tcp open domain
80/tcp open http
109/tcp open pop-2
110/tcp open pop-3
139/tcp open netbios-ssn
143/tcp open imap2
443/tcp open https
993/tcp open imaps
10000/tcp open snet-sensor-mgmt
Scanned from the outside:
Starting nmap V. 2.54BETA30 ( www.insecure.org/nmap/ )
Interesting ports on blahblah.com (x.x.x.x):
(The 1029 ports scanned but not shown below are in state: filtered)
Port State Service
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
80/tcp open http
110/tcp open pop-3
143/tcp open imap2
443/tcp open https
...
10000/tcp open snet-sensor-mgmt
...
The ellipses are areas where it showed that a bunch of ports were closed.
Not sure why it chose to display the hundreds and hundreds of ports as
closed ... maybe because of the 1029 ports it found that were filtered? Kind
of confusing ... I guess I should read the nmap man page ...
I've left a bunch of services running but firewalled because I'm testing
them out (don't have a whole lot of boxes to do testing on).
Yes, I should probably close ftp. In fact, I think I'm going to do that now
...
Just for kicks, here's what netstat -pl shows:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
PID/Program name
tcp 0 0 *:smtp *:* LISTEN
11342/master
tcp 0 0 sw-90-736-717-3.:domain *:* LISTEN
9686/named
tcp 0 0 localhost:domain *:* LISTEN
9686/named
tcp 0 1 sw-90-736-717-3.St:3917 *:* CLOSE
280/fetchmail
tcp 0 1 sw-90-736-717-3.St:3916 *:* CLOSE
280/fetchmail
tcp 0 1 sw-90-736-717-3.St:3726 *:* CLOSE
280/fetchmail
tcp 0 1 sw-90-736-717-3.St:3725 *:* CLOSE
280/fetchmail
tcp 0 1 sw-90-736-717-3.St:3722 *:* CLOSE
280/fetchmail
tcp 0 1 sw-90-736-717-3.St:3718 *:* CLOSE
280/fetchmail
tcp 0 1 sw-90-736-717-3.St:3717 *:* CLOSE
280/fetchmail
tcp 0 1 sw-90-736-717-3.St:3716 *:* CLOSE
280/fetchmail
tcp 0 0 *:https *:* LISTEN
470/apache-ssl
tcp 0 0 *:www *:* LISTEN
456/apache
tcp 0 0 *:10000 *:* LISTEN
455/perl
tcp 0 0 *:ssh *:* LISTEN
435/sshd
tcp 0 0 *:netbios-ssn *:* LISTEN
286/inetd
tcp 0 0 *:pop3 *:* LISTEN
286/inetd
tcp 0 0 *:pop2 *:* LISTEN
286/inetd
tcp 0 0 *:imaps *:* LISTEN
286/inetd
tcp 0 0 *:imap2 *:* LISTEN
286/inetd
tcp 0 0 *:ftp *:* LISTEN
286/inetd
tcp 0 0 *:time *:* LISTEN
286/inetd
tcp 0 0 *:daytime *:* LISTEN
286/inetd
tcp 0 0 *:discard *:* LISTEN
286/inetd
udp 0 0 *:1088 *:*
9686/named
udp 0 0 sw-90-736-717-3.:domain *:*
9686/named
udp 0 0 localhost:domain *:*
9686/named
udp 0 0 *:10000 *:*
455/perl
udp 0 0 *:netbios-ns *:*
286/inetd
udp 0 0 *:discard *:*
286/inetd
raw 0 0 *:icmp *:*
7 -
raw 0 0 *:tcp *:*
7 -
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node PID/Program name
Path
unix 0 [ ACC ] STREAM LISTENING 421469 11342/master
private/defer
unix 0 [ ACC ] STREAM LISTENING 421477 11342/master
private/smtp
unix 0 [ ACC ] STREAM LISTENING 421481 11342/master
public/showq
unix 0 [ ACC ] STREAM LISTENING 627879 13873/gcache
/var/run/gcache_port
unix 0 [ ACC ] STREAM LISTENING 421485 11342/master
private/error
unix 0 [ ACC ] STREAM LISTENING 421489 11342/master
private/local
unix 0 [ ACC ] STREAM LISTENING 421473 11342/master
private/flush
unix 0 [ ACC ] STREAM LISTENING 421501 11342/master
private/cyrus
unix 0 [ ACC ] STREAM LISTENING 417966 9686/named
/var/run/ndc
unix 0 [ ACC ] STREAM LISTENING 421505 11342/master
private/uucp
unix 0 [ ACC ] STREAM LISTENING 421493 11342/master
private/virtual
unix 0 [ ACC ] STREAM LISTENING 421509 11342/master
private/ifmail
unix 0 [ ACC ] STREAM LISTENING 421513 11342/master
private/bsmtp
unix 0 [ ACC ] STREAM LISTENING 421454 11342/master
private/cleanup
unix 0 [ ACC ] STREAM LISTENING 421517 11342/master
private/scalemail-backend
unix 0 [ ACC ] STREAM LISTENING 421461 11342/master
private/rewrite
unix 0 [ ACC ] STREAM LISTENING 247 328/mysqld
/var/run/mysqld/mysqld.sock
unix 0 [ ACC ] STREAM LISTENING 421465 11342/master
private/bounce
unix 0 [ ACC ] STREAM LISTENING 421497 11342/master
private/lmtp
Jen
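
An added example, not part of the original post: one way to diff the two scans above so that services reachable from outside stand apart from those only visible on localhost. The function names and result keys are made up for illustration, and the port rows are transcribed from the post.

```python
import re

# Matches rows of nmap's plain-text port table, e.g. "22/tcp open ssh".
ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(open|closed|filtered)\s+(\S+)", re.M)

# Port rows transcribed from the post; the outside scan's elided rows are absent.
LOCAL_SCAN = """\
9/tcp open discard
13/tcp open daytime
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
37/tcp open time
53/tcp open domain
80/tcp open http
109/tcp open pop-2
110/tcp open pop-3
139/tcp open netbios-ssn
143/tcp open imap2
443/tcp open https
993/tcp open imaps
10000/tcp open snet-sensor-mgmt
"""
REMOTE_SCAN = """\
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
80/tcp open http
110/tcp open pop-3
143/tcp open imap2
443/tcp open https
10000/tcp open snet-sensor-mgmt
"""

def open_ports(nmap_text):
    """Return the set of (port, proto) pairs that nmap reported as open."""
    return {(int(p), proto) for p, proto, state, _ in ROW.findall(nmap_text)
            if state == "open"}

def compare(local_text, remote_text):
    """Classify open ports by which vantage point could see them."""
    local, remote = open_ports(local_text), open_ports(remote_text)
    return {"exposed": sorted(local & remote),       # open from both sides
            "local_only": sorted(local - remote),    # not open from outside
            "remote_only": sorted(remote - local)}   # open only from outside

if __name__ == "__main__":
    for label, ports in compare(LOCAL_SCAN, REMOTE_SCAN).items():
        print(label, ports)
```

A non-empty `remote_only` list would point at a service bound only to the external interface or at traffic forwarded from another host, which a localhost scan cannot see.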