Date:      Thu, 30 May 2002 09:20:31 +0200
From:      "Dave Raven" <dave@raven.za.net>
To:        "nathan skains" <nskains@comcast.net>, <freebsd-security@FreeBSD.ORG>
Subject:   Re: Nmap /w snort
Message-ID:  <009801c207aa$7c4003c0$3800a8c0@DAVE>
References:  <000001c20789$f19ff060$6301a8c0@visp> <006101c2079b$96528170$0200a8c0@logical>

Is 192.168.0.5 the box? That might be the problem,
scanning yourself is no good.
Fix the nmap problem by making more bpf devices.
cd /dev/ && sh ./MAKEDEV bpf4 bpf5 bpf6

Does that port change? Or always stay the same?
Check sockstat. Check netstat.


--Dave.

----- Original Message -----
From: "nathan skains" <nskains@comcast.net>
To: <freebsd-security@FreeBSD.ORG>
Sent: Thursday, May 30, 2002 7:33 AM
Subject: Nmap /w snort


> i am having a similar problem earlier today i did a scan on my system and got
> the following results. later i ran another scan and got another weird port
> open, i am concerned with a compromise.
> Starting nmap V. 2.54BETA34 ( www.insecure.org/nmap/ )
>
> Interesting ports on (192.168.0.5):
> (The 1545 ports scanned but not shown below are in state: closed)
> Port State Service
> 21/tcp open ftp
> 22/tcp open ssh
> 25/tcp open smtp
> 80/tcp open http
> 110/tcp open pop-3
> 113/tcp open auth
> 587/tcp open submission
> 1492/tcp open stone-design-1 << concern about this port being open
> 3306/tcp open mysql
> 6667/tcp open irc
> 6668/tcp open irc
>
> when i try an nmap as root i get this error
>
> Starting nmap V. 2.54BETA34 ( www.insecure.org/nmap/ )
> pcap_open_live: (no devices found) /dev/bpf4: No such file or directory
> There are several possible reasons for this, depending on your operating
> system:
> LINUX: If you are getting Socket type not supported, try modprobe af_packet
> or recompile your kernel with SOCK_PACKET enabled.
> *BSD:  If you are getting device not configured, you need to recompile your
> kernel with Berkeley Packet Filter support.  If you are getting No such file
> or directory, try creating the device (eg cd /dev; MAKEDEV <device>; or use
> mknod).
> SOLARIS:  If you are trying to scan localhost and getting '/dev/lo0: No such
> file or directory', complain to Sun.  I don't think Solaris can support
> advanced localhost scans.  You can probably use "-P0 -sT localhost" though.
>
> but if i throw options in like -P0 -sT it works go figure.
> any ideas would be greatly appreciated.
>
> Nathan
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
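
The "check sockstat" step from the reply, as an added example that is not part of the original thread: it maps each TCP port a scan reports open to the process holding the listening socket. The sample inputs are constructed, and the column layout assumed is that of `sockstat -4l` on current FreeBSD.

```shell
#!/bin/sh
# Added example: correlate open ports from a scan with listening sockets.

# Constructed nmap excerpt (three of the ports from the scan in the thread).
NMAP_SAMPLE='Port       State       Service
22/tcp     open        ssh
1492/tcp   open        stone-design-1
3306/tcp   open        mysql'

# Constructed `sockstat -4l` output; users, commands and PIDs are invented.
SOCKSTAT_SAMPLE='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       184   3  tcp4   *:22                  *:*
mysql    mysqld     301   5  tcp4   *:3306                *:*'

# port_owners NMAP_TEXT SOCKSTAT_TEXT
# Prints "port user command pid" for each open TCP port, or
# "port NO-LISTENER" when no listening socket matches that port.
port_owners() {
    printf '%s\n---\n%s\n' "$2" "$1" | awk '
        $0 == "---" { in_nmap = 1; next }      # separator: nmap text follows
        !in_nmap && $5 ~ /^tcp/ {              # sockstat row for a TCP socket
            n = split($6, a, ":")              # local address is addr:port
            if (!(a[n] in owner)) owner[a[n]] = $1 " " $2 " " $3
            next
        }
        in_nmap && $1 ~ /^[0-9]+\/tcp$/ && $2 == "open" {
            split($1, p, "/")
            if (p[1] in owner) print p[1], owner[p[1]]
            else print p[1], "NO-LISTENER"
        }'
}

port_owners "$NMAP_SAMPLE" "$SOCKSTAT_SAMPLE"
```

A port marked NO-LISTENER had no listening socket when sockstat ran, so it is the one to compare across repeated scans, which is the "does that port change?" question in the reply.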

