Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Nmap Development: Re: Here's something to ponder...

Re: Here's something to ponder...

From: Martin Mačok <martin.macok_at_underground.cz>
Date: Wed, 6 Jul 2005 09:44:44 +0200

On Wed, Jul 06, 2005 at 10:28:11AM +1200, Craig Humphrey wrote:

> 25/tcp open smtp?

> OS details: Microsoft Windows Server 2003 Standard Edition

> SF-Port25-TCP:V=3.81%D=7/6%Time=42CAFFC2%P=i686-pc-windows-windows%r(NUL
> L,
> SF:76,"220\x20\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*

This looks like there is a PIX firewall with "smtp fixup" turned on in
front of the scanned machine. The PIX could also explain why Nmap
detects it as W2K3 because PIX filters out some OS fingerprinting
packets so the responds looks more like from W2K3 ...

Martin Mačok
ICT Security Consultant

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Received on Jul 06 2005

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos