Re: nmap showing port 21 (ftp) open, but port is actually closed

From: Aaron J. Bedra (abedra@westervillelibrary.org)
Date: Mon Sep 12 2005 - 13:07:59 EDT

• Next message: Brian: "Replica Rolex - Stun your friends!"
• Previous message: Mark Owen: "Re: Assessing a machine with 2 NICs"
• In reply to: cy.wang: "Re: nmap showing port 21 (ftp) open, but port is actually closed"
• Next in thread: Luke Eckley: "Re: nmap showing port 21 (ftp) open, but port is actually closed"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

You guys should really be posting this on the nmap-hackers/nmap-dev
lists.

What version of nmap are you running? What OS and patch set?

One very key question is are you running any transparent caching proxy
servers? If so, your results will be incorrect.

Aaron J. Bedra

On Mon, 2005-09-12 at 17:19 +0800, cy.wang wrote:
> can you telnet to its port 21 ? maybe it's an open port not for FTP service .
> or , nmap possibly got fooled by some msg that ids/firewall returned
>
> Regards,
>
> c.y. wang
> security analysis engineer
> Shanda Interactive Entertainment Co. Ltd, Shanghai, China.
> Phone: +86-21-50504740-5046
> Email: wangchunying@snda.com
>
> ----- Original Message -----
> From: "Mike Jones" <sopiaz57@gmail.com>
> To: <pen-test@securityfocus.com>
> Sent: Friday, September 09, 2005 9:47 PM
> Subject: nmap showing port 21 (ftp) open, but port is actually closed
>
>
> > Has anyone ever seen this before, nmap is showing port 21 to be open on
> > a machine on the internet, but 21 is not listening on that machine. It
> > happens to all machines I scan outside the local area network.
> >
> > Thanks in advance
> >
> > ------------------------------------------------------------------------------
> > Audit your website security with Acunetix Web Vulnerability Scanner:
> >
> > Hackers are concentrating their efforts on attacking applications on your
> > website. Up to 75% of cyber attacks are launched on shopping carts, forms,
> > login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
> > futile against web application hacking. Check your website for vulnerabilities
> > to SQL injection, Cross site scripting and other web attacks before hackers do!
> > Download Trial at:
> >
> > http://www.securityfocus.com/sponsor/pen-test_050831
> > -------------------------------------------------------------------------------
> >
> >
> >

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

• Next message: Brian: "Replica Rolex - Stun your friends!"
• Previous message: Mark Owen: "Re: Assessing a machine with 2 NICs"
• In reply to: cy.wang: "Re: nmap showing port 21 (ftp) open, but port is actually closed"
• Next in thread: Luke Eckley: "Re: nmap showing port 21 (ftp) open, but port is actually closed"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:52 EDT