Security Basics mailing list archives
Re: Very strange nmap scan results
From: Brian Laing <brian () redseal net>
Date: Fri, 21 Sep 2007 09:57:06 -0700
Also have you tried to telnet into some of these ports to verify they are or are not listening?
-------------------------------------------------------------------- Brian Laing Chief Security Officer Cellphone: +1 650.280.2389 Office: +1 (888) 845-8169 Ext. 805 Email: brian () redseal net Redseal Systems – http://www.redseal.net Instant Visibility. Threats Averted. ------------------------------------------------------------------- On Sep 20, 2007, at 9:22 PM, infos3c () gmail com wrote:
Hi Juan,Here you have used TCP connect scan [nmap -sT].Are you getting same list of open ports for Syn scan [nmap -sS] also?if you are getting the same ports for Syn scan then put a sniffer to see whether you are receiving SynAck from the IP you are scanning. If there are no replies coming the problem is local o your machine from where you are doing scanning. However if there are replies (SynAck) coming, then you know some one is responding to your scanning.At the end of this if you conclude that the host being scanned (PIX) is really replying for all these connection attempts then you can try "Firewalking" on random ports to pass through the firewall.....Hope this helps
Current thread:
- Very strange nmap scan results Juan B (Sep 20)
- Re: Very strange nmap scan results Steven Hollingsworth (Sep 21)
- <Possible follow-ups>
- Re: Very strange nmap scan results infos3c (Sep 21)
- Re: Very strange nmap scan results Brian Laing (Sep 21)
- Re: Very strange nmap scan results Juan B (Sep 21)
- Re: Very strange nmap scan results Brian Laing (Sep 21)
- Re: Very strange nmap scan results Brian Laing (Sep 21)