Home page logo
/

basics logo Security Basics mailing list archives

Re: Interpreting the results of an NMAP scan
From: Francesc Vila <francesc.vila () gmail com>
Date: Fri, 24 Apr 2009 19:57:09 +0200

Dan Fauxpoint wrote:
Hello,

I am helping a small business owner to evaluate the quality of his IT setup. This company has one server which runs 
Windows Small Business Server 2003 R2 Premium Edition. This server hosts an Exchange instance which takes care of 
incoming and outgoing emails.

I ran an namp scan (nmap -T4 -A -v -PE -PA21,23,80,3389 <IP_address>) from a machine outside of the company network and 
got the results below. I am wondering why ports 80 and 443 are open since the server does not act as a web server. Also I am 
wondering if the Linksys router should be visible from the outside world ...

If anybody could comment on this and make suggestions on how to improve the security of that setup, I would appreciate 
it.

Cheers,
Dan.

Not shown: 990 closed ports
PORT     STATE    SERVICE      VERSION
25/tcp   filtered smtp
80/tcp   open     http         Microsoft IIS
|_ html-title: The page cannot be displayed
135/tcp  filtered msrpc
139/tcp  filtered netbios-ssn
143/tcp  open     imap         Microsoft Exchange Server 2003 imapd 6.5.7638.1
443/tcp  open     ssl/https?
|_ sslv2: server still supports SSLv2
|  html-title: Microsoft Outlook Web Access
|_ Requested resource was https://<...snipped...>
445/tcp  filtered microsoft-ds
993/tcp  open     ssl/imap     Microsoft Exchange Server 2003 imapd 6.5.7638.1
|_ sslv2: server still supports SSLv2
1723/tcp open     pptp         Microsoft (Firmware: 3790)
8081/tcp open     http         Linksys router http config (device model BEFSR41/BEFSR11/BEFSRU31)
|  http-auth: HTTP Service requires authentication
|_   Auth type: Basic, realm = Linksys BEFSR41/BEFSR11/BEFSRU31
|_ html-title: 401 Authorization Required



------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified Penetration Tester exams, taught by an expert with years of real pen testing experience.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------

As far as I know, and taking into account the nmap output, 80/443 is the Outlook Web Access. I don't know if it can be disabled from Exchange, but it is part of it. If they don't need to access mail outside the company, maybe it should be filtered.

Regarding the Linksys router... I think that the web configuration interface shouldn't be accessible from outside (let's hope that they didn't leave the default password, because it would be dangerous)

Just my two cents,

F.

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified Penetration Tester exams, taught by an expert with years of real pen testing experience.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]