Date:      Thu, 30 May 2002 19:06:29 -0400
From:      "Peter C. Lai" <sirmoo@cowbert.2y.net>
To:        Dave Raven <dave@raven.za.net>
Cc:        George.Giles@mcmail.vanderbilt.edu, freebsd-security@FreeBSD.ORG
Subject:   Re: ipfw issue with nmap false alarms
Message-ID:  <20020530190629.B49830@cowbert.2y.net>
In-Reply-To: <009001c207a9$454c7020$3800a8c0@DAVE>; from dave@raven.za.net on Thu, May 30, 2002 at 09:11:49AM +0200
References:  <000001c20789$f19ff060$6301a8c0@visp> <009001c207a9$454c7020$3800a8c0@DAVE>

Allowing all packets from any to any via lo0 will show
open ports when scanning localhost, since with the above rule
any packet sent from localhost to localhost will be accepted
(which is what nmap is using when scanning localhost).

I believe the above rule also allows packets originating
from your external IP destined for that same IP. Better
to use a different interface to scan the original one.

On Thu, May 30, 2002 at 09:11:49AM +0200, Dave Raven wrote:
> That is the problem, you're scanning localhost.
> Rather scan an external card.
> 
> 
> --Dave.
> 
> 
> ----- Original Message -----
> From: "Brett Moore" <brett@softwarecreations.co.nz>
> To: <George.Giles@mcmail.vanderbilt.edu>; <freebsd-security@FreeBSD.ORG>
> Sent: Thursday, May 30, 2002 5:27 AM
> Subject: RE: ipfw issue with nmap false alarms
> 
> 
> > Others may correct me if I am wrong here.
> >
> > I have had the same 'problem'. I was told/read that nmap may sometimes
> > report the port that it is using as open when run against localhost.
> >
> > Try 2.54BETA34; it's for d/l at the site.
> >
> > Brett
> >
> >
> > > -----Original Message-----
> > > From: owner-freebsd-security@FreeBSD.ORG
> > > [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of
> > > George.Giles@mcmail.vanderbilt.edu
> > > Sent: Thursday, 30 May 2002 15:06
> > > To: freebsd-security@FreeBSD.ORG
> > > Subject: ipfw issue with nmap false alarms
> > >
> > >
> > > nmap reports as expected when scanning the actual ip address, but when run
> > > against localhost various open ports show up.
> > >
> > > Any ideas ?
> > >
> > > Starting nmap V. 2.54BETA29 ( www.insecure.org/nmap/ )
> > > Interesting ports on localhost (127.0.0.1):
> > > (The 1540 ports scanned but not shown below are in state: closed)
> > > Port       State       Service
> > > 21/tcp     open        ftp
> > > 22/tcp     open        ssh
> > > 53/tcp     open        domain
> > > 80/tcp     open        http
> > > 443/tcp    open        https
> > > 1669/tcp   open        netview-aix-9
> > >
> > > Nmap run completed -- 1 IP address (1 host up) scanned in 9 seconds
> > > bash-2.05$ nmap localhost
> > >
> > > Starting nmap V. 2.54BETA29 ( www.insecure.org/nmap/ )
> > > Interesting ports on localhost (127.0.0.1):
> > > (The 1540 ports scanned but not shown below are in state: closed)
> > > Port       State       Service
> > > 21/tcp     open        ftp
> > > 22/tcp     open        ssh
> > > 53/tcp     open        domain
> > > 80/tcp     open        http
> > > 443/tcp    open        https
> > > 2044/tcp   open        rimsl
> > >
> > >
> > > Nmap run completed -- 1 IP address (1 host up) scanned in 9 seconds
> > > bash-2.05$ nmap localhost
> > >
> > > Starting nmap V. 2.54BETA29 ( www.insecure.org/nmap/ )
> > > Interesting ports on localhost (127.0.0.1):
> > > (The 1539 ports scanned but not shown below are in state: closed)
> > > Port       State       Service
> > > 21/tcp     open        ftp
> > > 22/tcp     open        ssh
> > > 53/tcp     open        domain
> > > 80/tcp     open        http
> > > 443/tcp    open        https
> > > 2003/tcp   open        cfingerd
> > > 3306/tcp   open        mysql
> > >
> > >
> > >
> > >
> > >
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-security" in the body of the message
> > >

-- 
Peter C. Lai
University of Connecticut
Dept. of Molecular and Cell Biology | Undergraduate Research Assistant
http://cowbert.2y.net/
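
Added example, not part of the original message or of ipfw itself: a small first-match evaluator showing why a scan launched from the firewalled host against its own addresses is decided by the lo0 rule and never reaches the per-port rules. The ruleset, the interface name `fxp0`, the address `192.0.2.10` and all function names are constructed for illustration; the routing of self-addressed traffic over lo0 is modelled as the message above describes it.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed: addresses owned by the firewalled host (loopback + external IP).
LOCAL_ADDRS = {"127.0.0.1", "192.0.2.10"}

@dataclass
class Rule:
    num: int
    action: str                  # "allow" or "deny"
    via: Optional[str] = None    # interface the packet crosses; None matches any
    dport: Optional[int] = None  # destination port; None matches any

# Constructed ruleset, written in ipfw terms:
#   100   allow ip from any to any via lo0
#   200   allow tcp from any to any 22 via fxp0
#   65535 deny ip from any to any
RULES = [
    Rule(100, "allow", via="lo0"),
    Rule(200, "allow", via="fxp0", dport=22),
    Rule(65535, "deny"),
]

def interface_for(from_this_host: bool, dst: str) -> str:
    """Assumption: traffic a host sends to one of its own addresses is
    looped back over lo0 and never crosses the external interface."""
    return "lo0" if from_this_host and dst in LOCAL_ADDRS else "fxp0"

def evaluate(iface: str, dport: int):
    """Return (rule number, action) of the first rule that matches."""
    for rule in RULES:
        if rule.via not in (None, iface):
            continue
        if rule.dport not in (None, dport):
            continue
        return rule.num, rule.action
    return 65535, "deny"  # implicit default-deny if nothing matched

def scan(from_this_host: bool, dst: str, ports):
    """Map each probed port to the rule that decides its fate."""
    iface = interface_for(from_this_host, dst)
    return {port: evaluate(iface, port) for port in ports}

if __name__ == "__main__":
    ports = [22, 80, 3306]
    print("local scan of 127.0.0.1  :", scan(True, "127.0.0.1", ports))
    print("local scan of external IP:", scan(True, "192.0.2.10", ports))
    print("scan from another machine:", scan(False, "192.0.2.10", ports))
```

Only the third case exercises the rules that protect the external interface, which is why the scan has to come from a different machine to say anything about the firewall.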