Home page logo
/

basics logo Security Basics mailing list archives

RE: Interpreting the results of an NMAP scan
From: "Pete.LeMay" <pete.lemay () whro org>
Date: Fri, 24 Apr 2009 15:21:05 -0400

One side note, SBS is wizard driven, if you make too many changes using
the standard windows tools it can cause lots of problems down the road.
There is a internet wizard that can be run that will ask you which
programs you want available from the internet and will configure
everything for you. Take some time to read up on it if you are not
already familiar with SBS admin. Like my earlier post mentioned, Premium
edition includes ISA which would be a more robust firewall than the
Linksys. 

Pete

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of infolookup () gmail com
Sent: Friday, April 24, 2009 12:44 PM
To: Dan Fauxpoint; listbounce () securityfocus com;
security-basics () securityfocus com
Subject: Re: Interpreting the results of an NMAP scan

Dan,

It looks like the might be some port forwarding going on, that's why you
are able to see the Exchange server from the outside, in order for you
to access outlook web access you need port 443 or 80 depends on your
setup, and in order to send or receive email you need port 25 smtp open.

As far as seeing the Linksys from the outside there should be a option
to drop icmp probes, this will block pings, but if you set the correct
scan type via nmap you might still find these ports since the a
necessary for functionality.

Hope this helped!
Sent from my Verizon Wireless BlackBerry

-----Original Message-----
From: Dan Fauxpoint <danielfauxpoint () yahoo com>

Date: Wed, 22 Apr 2009 18:57:55 
To: <security-basics () securityfocus com>
Subject: Interpreting the results of an NMAP scan



Hello,

I am helping a small business owner to evaluate the quality of his IT
setup. This company has one server which runs Windows Small Business
Server 2003 R2 Premium Edition. This server hosts an Exchange instance
which takes care of incoming and outgoing emails.

I ran an namp scan (nmap -T4 -A -v -PE -PA21,23,80,3389 <IP_address>)
from a machine outside of the company network and got the results below.
I am wondering why ports 80 and 443 are open since the server does not
act as a web server. Also I am wondering if the Linksys router should be
visible from the outside world ...

If anybody could comment on this and make suggestions on how to improve
the security of that setup, I would appreciate it.

Cheers,
Dan.

Not shown: 990 closed ports
PORT     STATE    SERVICE      VERSION
25/tcp   filtered smtp
80/tcp   open     http         Microsoft IIS
|_ html-title: The page cannot be displayed
135/tcp  filtered msrpc
139/tcp  filtered netbios-ssn
143/tcp  open     imap         Microsoft Exchange Server 2003 imapd
6.5.7638.1
443/tcp  open     ssl/https?
|_ sslv2: server still supports SSLv2
|  html-title: Microsoft Outlook Web Access
|_ Requested resource was https://<...snipped...>
445/tcp  filtered microsoft-ds
993/tcp  open     ssl/imap     Microsoft Exchange Server 2003 imapd
6.5.7638.1
|_ sslv2: server still supports SSLv2
1723/tcp open     pptp         Microsoft (Firmware: 3790)
8081/tcp open     http         Linksys router http config (device model
BEFSR41/BEFSR11/BEFSRU31)
|  http-auth: HTTP Service requires authentication
|_   Auth type: Basic, realm = Linksys BEFSR41/BEFSR11/BEFSRU31
|_ html-title: 401 Authorization Required



      

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Learn all of the latest penetration testing techniques in InfoSec
Institute's Ethical Hacking class. 
Totally hands-on course with evening Capture The Flag (CTF) exercises,
Certified Ethical Hacker and Certified Penetration Tester exams, taught
by an expert with years of real pen testing experience.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class.
Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified 
Penetration Tester exams, taught by an expert with years of real pen testing experience.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]