Security Basics mailing list archives

Re: Very strange nmap scan results

From: Brian Laing <brian () redseal net>
Date: Fri, 21 Sep 2007 10:20:50 -0700

Interesting, If I had to hazard a guess I would almost think youhave some dynamic port translation going on. Would you be willing toshare the configuration file of the firewall?

--------------------------------------------------------------------
Brian Laing
Chief Security Officer
Cellphone:  +1 650.280.2389
Office:     +1 (888) 845-8169 Ext. 805
Email: brian () redseal net

Redseal Systems – http://www.redseal.net

Instant Visibility.  Threats Averted.
-------------------------------------------------------------------




On Sep 21, 2007, at 10:14 AM, Juan B wrote:

Yes I did.

for example fort 25 and its opened.

Juan
--- Brian Laing <brian () redseal net> wrote:

Also have you tried to telnet into some of these
ports to verify they
are or are not listening?

--------------------------------------------------------------------

Brian Laing
Chief Security Officer
Cellphone:  +1 650.280.2389
Office:     +1 (888) 845-8169 Ext. 805
Email: brian () redseal net

Redseal Systems – http://www.redseal.net

Instant Visibility.  Threats Averted.

-------------------------------------------------------------------





On Sep 20, 2007, at 9:22 PM, infos3c () gmail com
wrote:

Hi Juan,

Here you have used TCP connect scan [nmap -sT].Are

you getting same

list of open ports for Syn scan [nmap -sS] also?

if you are getting the same ports for Syn scan

then put a sniffer

to see whether you are receiving SynAck from the

IP you are

scanning. If there are no replies coming the

problem is local o

your machine from where you are doing scanning.

However if there

are replies (SynAck) coming, then you know some

one is responding

to your scanning.

At the end of this if you conclude that the host

being scanned

(PIX) is really replying for all these connection

attempts then you

can try "Firewalking" on random ports to pass

through the

firewall.....

Hope this helps

____________________________________________________________________________________

Check out the hottest 2008 models today at Yahoo! Autos.
http://autos.yahoo.com/new_cars.html

Current thread:

Very strange nmap scan results Juan B (Sep 20)
- Re: Very strange nmap scan results Steven Hollingsworth (Sep 21)
- <Possible follow-ups>
- Re: Very strange nmap scan results infos3c (Sep 21)
  - Re: Very strange nmap scan results Brian Laing (Sep 21)
    - Re: Very strange nmap scan results Juan B (Sep 21)
    - Re: Very strange nmap scan results Brian Laing (Sep 21)