Date:      Thu, 30 May 2002 09:20:31 +0200
From:      "Dave Raven" <>
To:        "nathan skains" <>, <freebsd-security@FreeBSD.ORG>
Subject:   Re: Nmap /w snort
Message-ID:  <009801c207aa$7c4003c0$3800a8c0@DAVE>
References:  <000001c20789$f19ff060$6301a8c0@visp> <006101c2079b$96528170$0200a8c0@logical>

is the box? That might be the problem,
 scanning yourself is no good.
Fix the nmap problem by making more bpf devices.
cd /dev/ && sh ./MAKEDEV bpf4 bpf5 bpf6

Does that port change? Or always stay the same?
check sockstat. check netstat.


----- Original Message -----
From: "nathan skains" <>
To: <freebsd-security@FreeBSD.ORG>
Sent: Thursday, May 30, 2002 7:33 AM
Subject: Nmap /w snort

> i am having a similar problem earlier today i did a scan on my system and
> the following results. later i ran another scan and got another weird port
> open, i am concerned with a compromise.
> Starting nmap V. 2.54BETA34 ( )
> Interesting ports on (
> (The 1545 ports scanned but not shown below are in state: closed)
> Port State Service
> 21/tcp open ftp
> 22/tcp open ssh
> 25/tcp open smtp
> 80/tcp open http
> 110/tcp open pop-3
> 113/tcp open auth
> 587/tcp open submission
> 1492/tcp open stone-design-1 << concern about this port being open
> 3306/tcp open mysql
> 6667/tcp open irc
> 6668/tcp open irc
> when i try an nmap as root i get this error
> Starting nmap V. 2.54BETA34 ( )
> pcap_open_live: (no devices found) /dev/bpf4: No such file or directory
> There are several possible reasons for this, depending on your operating
> system:
> LINUX: If you are getting Socket type not supported, try modprobe
> or recompile your kernel with SOCK_PACKET enabled.
> *BSD:  If you are getting device not configured, you need to recompile
> kernel with Berkeley Packet Filter support.  If you are getting No such
> or directory, try creating the device (eg cd /dev; MAKEDEV <device>; or
> mknod).
> SOLARIS:  If you are trying to scan localhost and getting '/dev/lo0: No
> file or directory', complain to Sun.  I don't think Solaris can support
> advanced localhost scans.  You can probably use "-P0 -sT localhost"
> but if i throw options in like -P0 -sT it works go figure.
> any ideas would be greatly appreciated.
> Nathan
> To Unsubscribe: send mail to
> with "unsubscribe freebsd-security" in the body of the message
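
The sockstat check suggested in the reply, as an added example that is not part of the original thread: it maps each TCP port nmap reported open to the process holding a listening socket on it and singles out ports with no listener. The function names are hypothetical and both samples are constructed, with the socket list modeled on the column layout of `sockstat -4 -l` on current FreeBSD.

```shell
#!/bin/sh
# Added example: match nmap "open" ports against listening sockets.
# Both samples are constructed; they are not output from the poster's box.

# Constructed listing in sockstat -4 -l column order:
# USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS
SOCKSTAT_SAMPLE='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS    FOREIGN ADDRESS
root     sshd       212   3  tcp4   *:22             *:*
root     sendmail   230   4  tcp4   *:25             *:*
root     sendmail   230   5  tcp4   *:587            *:*
www      httpd      301   16 tcp4   *:80             *:*
mysql    mysqld     340   6  tcp4   *:3306           *:*'

# Constructed nmap port lines (same shape as the scan quoted in the thread)
NMAP_SAMPLE='22/tcp open ssh
25/tcp open smtp
80/tcp open http
587/tcp open submission
1492/tcp open stone-design-1
3306/tcp open mysql'

# port_owners SOCKSTAT_TEXT NMAP_TEXT
# Prints "port command pid user" for each open TCP port that has a
# listening socket, or "port NO-LISTENER" when nothing is bound to it.
port_owners() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
        $0 == "---" { scan = 1; next }          # separator: nmap lines follow
        !scan && $5 ~ /^tcp/ {                  # socket row (header has PROTO)
            n = split($6, a, ":")               # port is after the last colon
            owner[a[n]] = $2 " " $3 " " $1
            next
        }
        scan && $1 ~ /^[0-9]+\/tcp$/ && $2 == "open" {
            split($1, p, "/")
            if (p[1] in owner) print p[1], owner[p[1]]
            else print p[1], "NO-LISTENER"
        }'
}

# unexplained_ports: only the ports that no listening process accounts for.
unexplained_ports() {
    port_owners "$1" "$2" | awk '$2 == "NO-LISTENER" { print $1 }'
}

port_owners "$SOCKSTAT_SAMPLE" "$NMAP_SAMPLE"
```

On the FreeBSD host, pass the real `sockstat -4 -l` output as the first argument; repeating the comparison across several scans shows whether the unexplained port stays the same or changes.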
