.

Nmap show a lot of ports

<<

impelse

Hero Member
Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Mon Apr 27, 2009 11:49 pm

Nmap show a lot of ports

I am running a scan to a computer in internet and show me a looooooot of ports, and I know that it is not normall and that the all ports they are not open, I checked google but I could not find anything, somebody mention that probably is the firewall:

nmap -sS -sV -PO 192.168.1.1

Shows a lot of ports unknown and tcpwarpped, just want to see the open ports not the all the existing ports list.

But if I run the same command in a local computer shows me the really open ports.

What is worng? is it my firewall or I am mising another parameter?
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
<<

jimbob

Post Tue Apr 28, 2009 4:52 am

Re: Nmap show a lot of ports

Hi,
What device are you scanning? Are you sure that the open ports are false positives?

Jimbob
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Tue Apr 28, 2009 7:15 am

Re: Nmap show a lot of ports

It could be a defensive mechanism on the other side as well.  I have a firewall I put together a while back that responded OPEN on the first 1024 ports when scanned.  It was an IpCop Distro with a few add-ons.
~~~~~~~~~~~~~~
Ketchup
<<

impelse

Hero Member
Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Tue Apr 28, 2009 8:12 am

Re: Nmap show a lot of ports

Its a web server with CentOS and there is not firewall there. Let me see another machine (but all of them are CentOS).

But my question is: the command and the parameter is ok?
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
<<

Kev

Sr. Member
Sr. Member

Posts: 428

Joined: Sat Sep 29, 2007 12:26 pm

Post Tue Apr 28, 2009 10:38 am

Re: Nmap show a lot of ports

Your command and parameter is ok. But dont use just one technique when scanning. That the beauty of nmap and its the most customizable scanner availble.  When you start combining timing options,etc... you sometimes obtain more reliable output. 
<<

timmedin

User avatar

Sr. Member
Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Tue Apr 28, 2009 12:03 pm

Re: Nmap show a lot of ports

Sounds like a setting a setting in the firewall. What if you try one of the other scan options.
sS - TCP SYN
sT - Connect()
sA - ACK
sW - Window
sM - Maimon scans
twitter.com/timmedin | http://blog.securitywhole.com
<<

sgt_mjc

Sr. Member
Sr. Member

Posts: 294

Joined: Tue Feb 05, 2008 8:34 am

Location: AL

Post Tue Apr 28, 2009 2:02 pm

Re: Nmap show a lot of ports

And don't forget the swiss army knife, netcat. You can always try connectign to the suspected port with nc -v 192.168.1.1 x where x is the port you want to connect to. If its open, you'll know along with its banner. Good luck.
Mike Conway
CISSP
CompTia Security +
C|EH
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Tue Apr 28, 2009 2:13 pm

Re: Nmap show a lot of ports

impelse, also make sure you are running NMAP as root / administrator.  I have had some weird results, especially on nix when sudo'ing out.
~~~~~~~~~~~~~~
Ketchup
<<

impelse

Hero Member
Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Tue Apr 28, 2009 2:22 pm

Re: Nmap show a lot of ports

I am using nmap with BackTrack 4 Beta, I am just experimenting a little bit, just to be familiar with it.
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
<<

Artful Dodger

Newbie
Newbie

Posts: 43

Joined: Tue Apr 29, 2008 8:58 am

Post Wed Apr 29, 2009 12:38 pm

Re: Nmap show a lot of ports

Ive seen this happen when scsanning an ISA box.  It showed almost all ports opened.  They were false positives that I think were due to how it was proxying.
CISSP, C|HFI, Security+, Network+, XYZ...blah.
<<

impelse

Hero Member
Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Wed Apr 29, 2009 1:21 pm

Re: Nmap show a lot of ports

I tested from my office and showed me just the open ports, so I tested from my home again and I got all the ports open, so I decided to upgrade therouter's firmware for the Linksys WTR54GS and after that I can not ping outside, jajajajajaj, it was to late so I couldn't complete a test with the nmap, because told me to use the -PN switch.

Now, I have to figure out why I can not ping outside, I did not setup any policy.
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 2 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software