What does this nmap report mean - Security


Thread: What does this nmap report mean

  1. What does this nmap report mean

    I've nmapped a host hitting my port 22 repeatedly and see this:

    PORT STATE SERVICE
    22/tcp open ssh
    25/tcp open smtp
    80/tcp open http
    110/tcp open pop3
    111/tcp open rpcbind
    135/tcp filtered msrpc
    143/tcp open imap
    443/tcp open https
    445/tcp filtered microsoft-ds
    993/tcp open imaps
    995/tcp open pop3s
    3306/tcp open mysql
    10000/tcp open snet-sensor-mgmt
    31337/tcp open Elite

    Is this a zombie that doesn't know it's controlled with a backdoor at
    31337/tcp open Elite or just some sort of come-on filter or
    something?

    The machine is in Taiwan or at least shows a TW IP.

  2. Re: What does this nmap report mean

    "Harry Putnam" wrote in message
    news:87hd6jkpsd.fsf@newsguy.com

    > I've nmapped a host hitting my port 22 repeatedly and see this:
    >
    > PORT STATE SERVICE
    > 22/tcp open ssh
    > 25/tcp open smtp
    > 80/tcp open http
    > 110/tcp open pop3
    > 111/tcp open rpcbind
    > 135/tcp filtered msrpc
    > 143/tcp open imap
    > 443/tcp open https
    > 445/tcp filtered microsoft-ds
    > 993/tcp open imaps
    > 995/tcp open pop3s
    > 3306/tcp open mysql
    > 10000/tcp open snet-sensor-mgmt
    > 31337/tcp open Elite
    >
    > Is this a zombie that doesn't know it's controlled with a backdoor at
    > 31337/tcp open Elite or just some sort of come-on filter or
    > something?


    Port 31337 is open; nmap (in the absence of -sV) has no idea what process is
    bound to that particular port and is merely reporting the entry from the
    nmap-services file.

    So you think that by port scanning their machine that you are any different
    from them and what they are doing?
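
Added example, not part of the thread and not nmap's own code: the Python below applies the point made in reply 2 to the posted table, separating what the scan observed (port and state) from the SERVICE label, which without -sV is only an nmap-services lookup. The services excerpt, the four-row subset of the report, and the -sV style sample with its version string are constructed for illustration.

```python
# Constructed excerpt in nmap-services layout: name, port/proto, optional extras.
SERVICES = """\
ssh 22/tcp
msrpc 135/tcp
mysql 3306/tcp
Elite 31337/tcp  # label only; says nothing about the listener
"""

# Four rows from the report posted in the thread (scan without -sV).
PLAIN = """\
PORT STATE SERVICE
22/tcp open ssh
135/tcp filtered msrpc
3306/tcp open mysql
31337/tcp open Elite
"""

# Constructed -sV style output: a VERSION column means the port was probed.
PROBED = """\
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 4.2 (protocol 2.0)
31337/tcp open ssh OpenSSH 4.2 (protocol 2.0)
"""

def load_services(text):
    """Map 'port/proto' -> service name, ignoring comments and blank lines."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            table[fields[1]] = fields[0]
    return table

def classify(report, table):
    """Return {port/proto: (state, service, evidence)} for each row of a port table."""
    lines = [l for l in report.splitlines() if l.strip()]
    has_version = "VERSION" in lines[0].split()
    out = {}
    for line in lines[1:]:
        port, state, service, *version = line.split(None, 3)
        if has_version and version:
            evidence = "probed: " + version[0]
        elif table.get(port) == service:
            evidence = "table lookup only"
        else:
            evidence = "unknown source"
        out[port] = (state, service, evidence)
    return out
```

Run against the plain report, every row comes back as "table lookup only", so the "Elite" label on 31337/tcp carries no information about the process bound to that port.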


  3. Re: What does this nmap report mean

    "ynotssor" writes:

    > "Harry Putnam" wrote in message
    > news:87hd6jkpsd.fsf@newsguy.com
    >
    >> I've nmapped a host hitting my port 22 repeatedly and see this:
    >>
    >> PORT STATE SERVICE
    >> 22/tcp open ssh
    >> 25/tcp open smtp
    >> 80/tcp open http
    >> 110/tcp open pop3
    >> 111/tcp open rpcbind
    >> 135/tcp filtered msrpc
    >> 143/tcp open imap
    >> 443/tcp open https
    >> 445/tcp filtered microsoft-ds
    >> 993/tcp open imaps
    >> 995/tcp open pop3s
    >> 3306/tcp open mysql
    >> 10000/tcp open snet-sensor-mgmt
    >> 31337/tcp open Elite
    >>
    >> Is this a zombie that doesn't know it's controlled with a backdoor at
    >> 31337/tcp open Elite or just some sort of come-on filter or
    >> something?

    >
    > Port 31337 is open; nmap (in the absence of -sV) has no idea what process is
    > bound to that particular port and is merely reporting the entry from the
    > nmap-services file.
    >


    > So you think that by port scanning their machine that you are any different
    > from them and what they are doing?


    Port scanning is not an indication of something bad always.
    I didn't port scan them as a retaliation as you seem to imply.

    I posted here because I'm wondering if I need to contact that admin
    and let them know they have a back door, and their machine is being
    used by somebody to clandestinely portscan and otherwise prepare for
    illegal break-ins.

    My portscan was not clandestine... I will answer for it to any and all
    inquiries.

  4. Re: What does this nmap report mean

    "Harry Putnam" wrote in message
    news:87accae0w3.fsf@newsguy.com

    > My portscan was not clandestine... I will answer for it to any and all
    > inquiries.


    Ah, I didn't realize that you had first gotten their permission.

  5. Re: What does this nmap report mean

    "ynotssor" writes:

    > "Harry Putnam" wrote in message
    > news:87accae0w3.fsf@newsguy.com
    >
    >> My portscan was not clandestine... I will answer for it to any and all
    >> inquiries.

    >
    > Ah, I didn't realize that you had first gotten their permission.


    I think what you didn't realize is how twittish and silly your
    non-helpful post is in a group like this.

    You are a legal expert on Taiwanese Internet law?

  6. Re: What does this nmap report mean

    "Harry Putnam" wrote in message
    news:87ek1lumtv.fsf@newsguy.com

    >>> My portscan was not clandestine... I will answer for it to any and
    >>> all inquiries.

    >>
    >> Ah, I didn't realize that you had first gotten their permission.

    >
    > I think what you didn't realize is how twittish and silly your
    > non-helpful post is in a group like this.


    We've seen far, far too many people like yourself over the years who always
    think it's bad when others do it, but all right when you do.


  7. Re: What does this nmap report mean

    "ynotssor" writes:

    > We've


    ?

  8. Re: What does this nmap report mean

    On Tue, 28 Feb 2006 17:49:06 -0600, Harry Putnam wrote:

    > I've nmapped a host hitting my port 22 repeatedly and see this:
    >
    > PORT STATE SERVICE
    > 22/tcp open ssh
    > 25/tcp open smtp
    > 80/tcp open http
    > 110/tcp open pop3
    > 111/tcp open rpcbind
    > 135/tcp filtered msrpc
    > 143/tcp open imap
    > 443/tcp open https
    > 445/tcp filtered microsoft-ds
    > 993/tcp open imaps
    > 995/tcp open pop3s
    > 3306/tcp open mysql
    > 10000/tcp open snet-sensor-mgmt
    > 31337/tcp open Elite
    >
    > Is this a zombie that doesn't know it's controlled with a backdoor at
    > 31337/tcp open Elite or just some sort of come-on filter or
    > something?
    >
    > The machine is in Taiwan or at least shows a TW IP.


    You are in truly dangerous territory here (on comp.os.linux.security) to
    be even acknowledging that you might have done an nmap scan (thousands
    do). Those who oppose will not stop without threats or more. Those who
    might agree may be intimidated from posting by previous experiences here.
    Some of the people who post here think that they "own" the internet.

    There is no law (I am no lawyer, as far as I know or can determine)
    against scanning, yours or others'. See Tom Liston's post here. If you
    read later, the page may be archived in the "previous" link. Not all
    posts, it seems to me, are actually archived in their original form.
    Here, he mentions tee shirts with "I tipped a computer with nmap", or some
    such. Read it anyway every day. It is worth the time.

    http://isc.sans.org/diary.php

    It is titled: A Bunch Of Bull in a China Shop

    I am really not any kind of expert, but the results you posted suggest
    some things. All of those lower ports being open suggests a machine
    without a firewall, which is probably compromised (0wn3d). The real
    offender is somewhere else, and untraceable. Whoever owns (not 0wns) this
    machine is clueless and/or careless, and will not change it even if
    notified. Note that the 445/tcp filtered microsoft-ds and 135/tcp
    filtered msrpc ports are filtered. Unfortunately, unless you can knock
    her down clean on her ass, there isn't much you can do about it. I, for
    myself, would really like to know that you did knock her down clean on her
    ass. And note for legal purposes that I am not advocating any illegal or
    antisocial actions.

    I'll talk about the threats and other crap you hear from supposedly
    "ethical" people here privately, or in some less hostile public forum.

    Hope you are well.


  9. Re: What does this nmap report mean

    "Harry Putnam" wrote in message
    news:87fym0pdi6.fsf@newsguy.com

    >> We've

    >
    > ?


    seen far, far too many people like yourself over the years who always
    think it's bad when others do it, but all right when you do.

  10. Re: What does this nmap report mean

    On Thu, 02 Mar 2006 21:50:04 -0800, ynotssor wrote:

    > "Harry Putnam" wrote in message
    > news:87fym0pdi6.fsf@newsguy.com
    >
    >>> We've

    >>
    >> ?

    >
    > seen far, far too many people like yourself over the years who always
    > think it's bad when others do it, but all right when you do.


    So with all respects, "ynotssor", (in your opinion) is it all right to
    respond to unsolicited traffic? Or not? You haven't made any case here
    that I can see.

    Seems like you would like to cut off debate (-requires 7/10 majority, or a
    hole of a lot of arm twisting).

    All good wishes to you. I expect the same good wishes and respect from
    you, . .

  11. Re: What does this nmap report mean

    Newsbox writes:

    > Here, he mentions tee shirts with "I tipped a computer with nmap", or some
    > such. Read it anyway every day. It is worth the time.


    > http://isc.sans.org/diary.php
    > It is titled: A Bunch Of Bull in a China Shop


    That is a very confusing page. I didn't see anything by that title
    nor any way to search for it. Going to Sans home there is a search box
    but inserting that title leads to hits that look like pieces from TW
    spam or something.

    ps- I think scanning may be illegal in some states. I saw something
    recently on a newsgroup... don't remember which about it being illegal
    in Texas.

  12. Re: What does this nmap report mean

    On Fri, 03 Mar 2006 05:48:29 -0600, Harry Putnam wrote:

    > Newsbox writes:
    >
    >> Here, he mentions tee shirts with "I tipped a computer with nmap", or some
    >> such. Read it anyway every day. It is worth the time.

    >
    >> http://isc.sans.org/diary.php
    >> It is titled: A Bunch Of Bull in a China Shop

    >
    > That is a very confusing page. I didn't see anything by that title
    > nor any way to search for it. Going to Sans home there is a search box
    > but inserting that title leads to hits that look like pieces from TW
    > spam or something.
    >
    > ps- I think scanning may be illegal in some states. I saw something
    > recently on a newsgroup... don't remember which about it being illegal
    > in Texas.


    http://isc.sans.org/diary.php?date=2006-03-02

    .... is where it is at right now.

