Security Basics mailing list archives
Re: Very strange nmap scan results
From: Brian Laing <brian () redseal net>
Date: Fri, 21 Sep 2007 10:20:50 -0700
Interesting, If I had to hazard a guess I would almost think you have some dynamic port translation going on. Would you be willing to share the configuration file of the firewall?
-------------------------------------------------------------------- Brian Laing Chief Security Officer Cellphone: +1 650.280.2389 Office: +1 (888) 845-8169 Ext. 805 Email: brian () redseal net Redseal Systems – http://www.redseal.net Instant Visibility. Threats Averted. ------------------------------------------------------------------- On Sep 21, 2007, at 10:14 AM, Juan B wrote:
Yes I did. for example fort 25 and its opened. Juan --- Brian Laing <brian () redseal net> wrote:Also have you tried to telnet into some of these ports to verify they are or are not listening?--------------------------------------------------------------------Brian Laing Chief Security Officer Cellphone: +1 650.280.2389 Office: +1 (888) 845-8169 Ext. 805 Email: brian () redseal net Redseal Systems – http://www.redseal.net Instant Visibility. Threats Averted.-------------------------------------------------------------------On Sep 20, 2007, at 9:22 PM, infos3c () gmail com wrote:Hi Juan, Here you have used TCP connect scan [nmap -sT].Areyou getting samelist of open ports for Syn scan [nmap -sS] also? if you are getting the same ports for Syn scanthen put a snifferto see whether you are receiving SynAck from theIP you arescanning. If there are no replies coming theproblem is local oyour machine from where you are doing scanning.However if thereare replies (SynAck) coming, then you know someone is respondingto your scanning. At the end of this if you conclude that the hostbeing scanned(PIX) is really replying for all these connectionattempts then youcan try "Firewalking" on random ports to passthrough thefirewall..... Hope this helps______________________________________________________________________ ______________Check out the hottest 2008 models today at Yahoo! Autos. http://autos.yahoo.com/new_cars.html
Current thread:
- Very strange nmap scan results Juan B (Sep 20)
- Re: Very strange nmap scan results Steven Hollingsworth (Sep 21)
- <Possible follow-ups>
- Re: Very strange nmap scan results infos3c (Sep 21)
- Re: Very strange nmap scan results Brian Laing (Sep 21)
- Re: Very strange nmap scan results Juan B (Sep 21)
- Re: Very strange nmap scan results Brian Laing (Sep 21)
- Re: Very strange nmap scan results Brian Laing (Sep 21)