Nmap Development: Re: Here's something to ponder...

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Nmap Development mailing list archives

Re: Here's something to ponder...

From: Martin Mačok <martin.macok () underground cz>
Date: Wed, 6 Jul 2005 09:44:44 +0200

On Wed, Jul 06, 2005 at 10:28:11AM +1200, Craig Humphrey wrote:

25/tcp   open   smtp?

OS details: Microsoft Windows Server 2003 Standard Edition

SF-Port25-TCP:V=3.81%D=7/6%Time=42CAFFC2%P=i686-pc-windows-windows%r(NUL
L,
SF:76,"220\x20\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*


This looks like there is a PIX firewall with "smtp fixup" turned on in
front of the scanned machine. The PIX could also explain why Nmap
detects it as W2K3 because PIX filters out some OS fingerprinting
packets so the responds looks more like from W2K3 ...

Martin Mačok
ICT Security Consultant


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev

By Date By Thread

Current thread:

Here's something to ponder... Craig Humphrey (Jul 05)
- Re: Here's something to ponder... Ron (Jul 05)
- Re: Here's something to ponder... Martin Mačok (Jul 06)