Very strange nmap scan results

From: Juan B (juanbabi@yahoo.com)
Date: Fri Sep 21 2007 - 11:16:43 EDT


> Hi all,
>
> For a client I'm scanning his DMZ from the internet.
>
> I know the servers are behind a PIX 515 without any
> added security features (they don't have any IPS or
> they didn't enable the IPS feature of the PIX). They also
> don't have any honeypot etc.
>
> The strange thing is that I receive too many open
> ports!
> For example, I scan the mail relay and although just
> port 25 is open it reports lots more open ports!
> This is the nmap scan I issued:
>
> nmap -sT -vv -P0 -O -p1-1024 200.61.44.48/28 -oA cpsa.txt
>
> (I changed the IPs here...)
>
> and the results for the mail relay, for example, are:
>
>
> Interesting ports on mail.cpsa.com (200.61.44.50):
> PORT STATE SERVICE
> 1/tcp open tcpmux
> 2/tcp open compressnet
> 3/tcp open compressnet
> 4/tcp open unknown
> 5/tcp open rje
> 6/tcp open unknown
> 7/tcp open echo
> 8/tcp filtered unknown
> 9/tcp open discard
> 10/tcp open unknown
> 11/tcp open systat
> 12/tcp open unknown
> 13/tcp open daytime
> 14/tcp open unknown
> 15/tcp open netstat
> 16/tcp open unknown
> 17/tcp open qotd
> 18/tcp filtered msp
> 19/tcp open chargen
> 20/tcp open ftp-data
> 21/tcp open ftp
> 22/tcp open ssh
> 23/tcp open telnet
> 24/tcp open priv-mail
> 25/tcp open smtp
> 26/tcp open unknown
> 27/tcp open nsw-fe
> 28/tcp open unknown
> 29/tcp open msg-icp
> 30/tcp open unknown
> 31/tcp open msg-auth
> 32/tcp open unknown
> 33/tcp open dsp
> 34/tcp open unknown
>
> this continues up to port 1024..
>
> any ideas how to eliminate so many false positives?
>
> thanks a lot,
>
> Juan
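An added example, not part of the original post: one way to triage nmap normal output like the listing above is to flag any host whose open ports form a long unbroken run, so those results get re-verified before they go into a report. The function names and the `min_run=8` threshold are assumptions chosen for illustration; the second host in the sample is constructed.

```python
import re

HOST_RE = re.compile(r"^(?:Interesting ports on|Nmap scan report for) (.+?):?$")
PORT_RE = re.compile(r"^(\d+)/tcp\s+(\S+)")

def longest_open_runs(text):
    """Map each host to its longest run of consecutive 'open' TCP ports."""
    runs, host, prev, cur = {}, None, None, 0
    for line in text.splitlines():
        line = line.strip()
        if (m := HOST_RE.match(line)):
            host, prev, cur = m.group(1), None, 0
            runs[host] = 0
        elif host and (m := PORT_RE.match(line)):
            port, state = int(m.group(1)), m.group(2)
            if state == "open":
                # Extend the run only if this port directly follows the last open one.
                cur = cur + 1 if prev == port - 1 else 1
                prev = port
                runs[host] = max(runs[host], cur)
            else:
                prev, cur = None, 0  # filtered/closed breaks the run
    return runs

def hosts_to_reverify(text, min_run=8):
    """Hosts whose open ports form a run of at least min_run (assumed threshold)."""
    return sorted(h for h, r in longest_open_runs(text).items() if r >= min_run)

# Ports 18-28 are copied from the post; the second host is constructed.
SAMPLE = """\
Interesting ports on mail.cpsa.com (200.61.44.50):
PORT STATE SERVICE
18/tcp filtered msp
19/tcp open chargen
20/tcp open ftp-data
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
24/tcp open priv-mail
25/tcp open smtp
26/tcp open unknown
27/tcp open nsw-fe
28/tcp open unknown
Interesting ports on www.example.test (192.0.2.10):
25/tcp open smtp
80/tcp open http
"""
```

`hosts_to_reverify(SAMPLE)` returns only the mail relay entry, since its ten consecutive open ports exceed the threshold while the constructed host's two scattered ports do not.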



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:08 EDT