Security Basics: Re: Hidden Ports

[Vincent <pros-n-cons () bak rr com>]

On Tue, 03 Feb 2004 15:46:12 -0200
Eduardo Sorensen <ovo () osite com br> wrote:

> Can a port scanner not see a port that is opened?
>
> The question is: can a backdoor be on a machine, and with nmap -p 1-,
> for example, you couldn't see it?
>
> Thank you,
> Eduardo
What if the backdoor is set to ignore any address queries other than the owners?
For instance I run a mail server at home but even though I do not have a firewall
you will not see any service there unless you're on 127.0.0.1 if you try scanning
from 10.10.100.1 the service will not respond.
----------------------------------------------------
nmap -sV -p25 127.0.0.1
                                                                                
Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2004-02-03 20:05 PST
Interesting ports on hatch.localdomain (127.0.0.1):
PORT   STATE SERVICE VERSION
25/tcp open  smtp    Sendmail 8.11.8/8.11.12
-----------------------------------------------------
nmap -sV -p25 10.10.100.1
 
Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2004-02-03 20:08 PST
Interesting ports on nowhere.nex.com (10.10.100.1):
PORT   STATE  SERVICE VERSION
25/tcp closed smtp
-----------------------------------------------------

---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any 
course! All of our class sizes are guaranteed to be 10 students or less. 
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, 
and many other technical hands on courses. 
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off 
any course!  
----------------------------------------------------------------------------