From owner-freebsd-security Wed May 29 22:34: 1 2002
Delivered-To: freebsd-security@freebsd.org
Received: from smtp.comcast.net (smtp.comcast.net [24.153.64.2])
    by hub.freebsd.org (Postfix) with ESMTP id BA26A37B400
    for ; Wed, 29 May 2002 22:33:54 -0700 (PDT)
Received: from logical (pcp01940901pcs.hlcrs201.al.comcast.net [68.63.4.45])
    by mtaout02.icomcast.net (iPlanet Messaging Server 5.1 HotFix 0.8 (built May 13 2002))
    with SMTP id <0GWW008EKSSHIV@mtaout02.icomcast.net>
    for freebsd-security@FreeBSD.ORG; Thu, 30 May 2002 01:33:54 -0400 (EDT)
Date: Thu, 30 May 2002 00:33:53 -0500
From: nathan skains
Subject: Nmap /w snort
To: freebsd-security@FreeBSD.ORG
Message-id: <006101c2079b$96528170$0200a8c0@logical>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 7BIT
X-Priority: 3
X-MSMail-priority: Normal
References: <000001c20789$f19ff060$6301a8c0@visp>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I am having a similar problem. Earlier today I did a scan on my system and
got the following results. Later I ran another scan and got another weird
port open; I am concerned about a compromise.

Starting nmap V. 2.54BETA34 ( www.insecure.org/nmap/ )
Interesting ports on (192.168.0.5):
(The 1545 ports scanned but not shown below are in state: closed)
Port       State       Service
21/tcp     open        ftp
22/tcp     open        ssh
25/tcp     open        smtp
80/tcp     open        http
110/tcp    open        pop-3
113/tcp    open        auth
587/tcp    open        submission
1492/tcp   open        stone-design-1    << concern about this port being open
3306/tcp   open        mysql
6667/tcp   open        irc
6668/tcp   open        irc

When I try an nmap as root I get this error:

Starting nmap V. 2.54BETA34 ( www.insecure.org/nmap/ )
pcap_open_live: (no devices found) /dev/bpf4: No such file or directory
There are several possible reasons for this, depending on your operating system:
LINUX: If you are getting Socket type not supported, try modprobe af_packet or recompile your kernel with SOCK_PACKET enabled.
*BSD: If you are getting device not configured, you need to recompile your kernel with Berkeley Packet Filter support. If you are getting No such file or directory, try creating the device (eg cd /dev; MAKEDEV ; or use mknod).
SOLARIS: If you are trying to scan localhost and getting '/dev/lo0: No such file or directory', complain to Sun. I don't think Solaris can support advanced localhost scans. You can probably use "-P0 -sT localhost" though.

But if I throw options in like -P0 -sT it works. Go figure.

Any ideas would be greatly appreciated.

Nathan

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message