Re: Oracle 11i nmap scan results

From: Moussa Diallo (moussadiallo@free.fr)
Date: Sun Oct 16 2005 - 06:36:32 EDT

• Next message: Paul Robertson: "Re: Pen test - Attorney client Privilege?"
• Previous message: Mark: "Check this out"
• In reply to: G. Vietor Davis III: "Re: Oracle 11i nmap scan results"
• Next in thread: Lyal Collins: "RE: Oracle 11i nmap scan results"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

G. Vietor Davis III wrote:

> By default nmap does not scan the full port range. The man page says:
> "The default is to scan all ports between a and 1024 as wall as any
> ports listed in the services file which comes with nmap".
>
> If you would like to scan all ports you must explicitly instruct nmap
> to do so by passing it the option "-p 1-65534".
>
> Hope this clears up your confusion,
>
> G. Vietor Davis
> Systems Monkey
> Trained Monkey Studios
> www.trainedmonkeystudios.org
>
> Brooks, Shane wrote:
>
>> Sorry if this is a dumb question, but I've found nothing on Google
>> about the issue.
>>
>> I'm doing a portscan against an Oracle 11i Oracle Applications
>> server. The output shows:
>>
>> Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-10-14
>> 14:05 EDT
>> Interesting ports on oraappserver1.inside.net (172.10.10.86):
>> (The 1653 ports scanned but not shown below are in state: closed)
>> PORT STATE SERVICE
>> 22/tcp open ssh
>> 111/tcp open rpcbind
>> 113/tcp open auth
>> 139/tcp open netbios-ssn
>> 445/tcp open microsoft-ds
>> 1666/tcp open netview-aix-6
>> 5555/tcp open freeciv
>> 6000/tcp open X11
>> 9090/tcp open zeus-admin
>> 12345/tcp open NetBus
>> MAC Address: 00:0B:CD:9B:A2:98 (Compaq (HP))
>>
>>
>>
>> Yet to connect to the box, the users open a browser and connect to
>> http://oraserver1.inside.net:8040
>> They can also connect with the same URL but to ports 8020, and 8010.
>>
>> There is no firewall on the box, or between the box and the users.
>> Why do these port not show up on nmap?
>>
>> Thanks in advance,
>> Shane
>>
>>
>
Are you sure all the port listed bellow are open ?!
You should also take a look at the tcp port 12345 Netbus Backdoor ...

regards,
Moussa

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

• Next message: Paul Robertson: "Re: Pen test - Attorney client Privilege?"
• Previous message: Mark: "Check this out"
• In reply to: G. Vietor Davis III: "Re: Oracle 11i nmap scan results"
• Next in thread: Lyal Collins: "RE: Oracle 11i nmap scan results"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:04 EDT