nmap results


 
# 8  
Old 04-04-2002
An nmap with a UDP option always shows open ports as filtered when you perform it over a range of ports.
When you perform it on a per-port basis it gives it as open.
If that's a bug with nmap, I am not sure...
But that's how it is.
UDP Scanning filtered <=> open

DP
# 9  
Old 04-04-2002
Well, the results you first posted above, it looks like you ran a TCP scan, not a UDP one. If you did run a UDP scan, then yes, I suppose nmap could assume it was filtered, since UDP is connectionless, and won't reply. It will only show as closed the ports that receive an ICMP Unreachable (I think) message.

I hate to suggest this, but maybe you should boot from floppy or CD, and run the tools from CD or another filesystem. You may have been rooted and had trojan horses installed that will filter themselves out of ps, top, netstat, and other tools. Also, you might check chkrootkit (http://www.chkrootkit.org/). It recognizes many trojans.

Has your Red Hat 6.2 been patched? Default 6.2 has plenty of exploitable problems by default in it (ftpd, telnetd, sshd, lpd, etc...). Also, have you tried connecting to any of these ports to see if they provide a banner or possibly even a shell? (I doubt they will though, if nmap shows them as filtered).

If you do turn out to be trojaned, you should wipe your disk clean and reinstall from CD. You may be able to clean up after the rootkit, but you don't know what else has been done.

Please post back and let us know what's going on...
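
The rule described in the post above, as an added example that is not part of the original thread: one UDP probe is "open" when a datagram comes back, "closed" when an ICMP port unreachable is received, and ambiguous when nothing returns. The loopback listeners are constructed for the demo, Linux socket behaviour is assumed, and `open|filtered` is the label current nmap releases use for the silent case.

```python
import socket
import threading

def probe_udp(host, port, timeout=0.5, payload=b"\x00"):
    """Classify one UDP port from a single probe."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        # connect() on a UDP socket sends nothing; it only lets the kernel
        # hand ICMP errors for this peer back to us (Linux behaviour assumed).
        s.connect((host, port))
        s.send(payload)
        s.recv(2048)
        return "open"            # a datagram came back
    except ConnectionRefusedError:
        return "closed"          # ICMP port unreachable was received
    except socket.timeout:
        return "open|filtered"   # silence: listener ignored us, or a filter dropped it
    finally:
        s.close()

def demo():
    """Probe three constructed loopback cases and return their states."""
    def bound():
        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        sock.bind(("127.0.0.1", 0))   # port 0: let the kernel choose
        return sock, sock.getsockname()[1]

    echo, echo_port = bound()          # replies to whatever it receives
    silent, silent_port = bound()      # bound, but never answers
    spare, unbound_port = bound()
    spare.close()                      # nothing listens here any more

    def serve_once():
        data, peer = echo.recvfrom(2048)
        echo.sendto(data, peer)

    threading.Thread(target=serve_once, daemon=True).start()
    try:
        return {
            "replying": probe_udp("127.0.0.1", echo_port),
            "silent": probe_udp("127.0.0.1", silent_port),
            "unbound": probe_udp("127.0.0.1", unbound_port),
        }
    finally:
        echo.close()
        silent.close()

if __name__ == "__main__":
    for case, state in demo().items():
        print(f"{case:9s} {state}")
```
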
# 10  
Old 04-04-2002
I tried to scan again using 'knocker' from a machine which I believe is not being compromised. This time, knocker can only find one port, SSH, opened, which is what I expected. From the same machine nmap results still show that these 4 ports are still in 'filtered' state. Is it a bug or something with nmap?

Please advise me on the vulnerabilities of RH6.2. My boxes have not been patched.
# 11  
Old 04-05-2002
I don't know all of them; I have upgraded my home machine to RH 7.2.
Check here: http://www.redhat.com/support/errata...a-general.html
By the looks of it, you have a bit of work to do!
Keep in mind, though, that not all of those are critical, and even a few of the really important ones are for applications you probably don't use. In that case, I usually just uninstall it rather than expose a security risk or upgrade software I don't want / need.
 