Penetration Testing
mailing list archives
Re: nmap showing port 21 (ftp) open, but port is actually closed
From: Andres Riancho <andres.riancho () gmail com>
Date: Sun, 11 Sep 2005 18:42:25 -0300
Mike,
This could be a transparent proxy server that your ISP installed.
A way to test if you are proxied is:
gauss:~# tcptraceroute www.google.com 80
Selected device eth1, address 24.232.100.167, port 3539 for outgoing packets
Tracing the path to www.google.com (64.233.161.99) on TCP port 80 (www), 30 hops max
1 * 10.17.1.1 7.865 ms *
2 10.101.1.25 10.882 ms 13.205 ms 7.474 ms
3 publica1.fibertel.com.ar (24.232.1.1) 7.483 ms 5.732 ms 8.831 ms
4 64.233.161.99 [open] 7.639 ms 32.874 ms 13.350 ms
Only 4 hops for port 80. Strange ...
Let's see what happens for real...
gauss:~#traceroute 64.233.161.99
traceroute to 64.233.161.99 (64.233.161.99), 30 hops max, 38 byte packets
1 * * *
2 10.101.1.25 (10.101.1.25) 10.071 ms 8.694 ms 28.814 ms
3 publica1.fibertel.com.ar (24.232.1.1) 7.851 ms 26.046 ms 11.893 ms
4 10.101.21.85 (10.101.21.85) 11.420 ms 21.271 ms 8.380 ms
5 bai1-cablevision-1-ar.bai.seabone.net (195.22.220.45) 7.919 ms 9.622 ms 20.910 ms
6 ash1-new1-racc1.new.seabone.net (195.22.216.169) 188.225 ms 198.841 ms 183.207 ms
7 eqixva-google-gige.google.com (206.223.115.21) 184.185 ms 183.390 ms 201.727 ms
8 216.239.47.120 (216.239.47.120) 186.700 ms 183.013 ms
216.239.49.248 (216.239.49.248) 183.718 ms
9 216.239.48.190 (216.239.48.190) 186.032 ms 184.994 ms
216.239.48.198 (216.239.48.198) 183.713 ms
10 64.233.161.99 (64.233.161.99) 183.273 ms 184.863 ms 186.683 ms
Well, this makes more sense to me :) . You could do the same test but
changing port 80 to 21.
Mike Jones wrote:
Has anyone ever seen this before, nmap is showing port 21 to be open
on a machine on the internet, but 21 is not listening on that
machine. It happens to all machines I scan outside the local area
network.
Thanks in advance
--
Andrés Riancho
http://www.securearg.net/
Secure from the Source
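
The comparison made in the message above, automated as an added example (not part of the original post): it parses both traces and flags the case where the TCP probe reaches the destination in fewer hops than the plain traceroute. The function names `dest_hop` and `looks_intercepted` are hypothetical, and the sample input is the hop output quoted in the message.

```python
import re
from statistics import median

HOP = re.compile(r"^\s*(\d+)\s+(\S.*)$")
RTT = re.compile(r"(\d+(?:\.\d+)?) ms")
IPV4 = re.compile(r"\d+(?:\.\d+){3}")

def dest_hop(output, dest_ip):
    """Return (hop, median RTT ms) of the first hop where dest_ip answers, else None."""
    hops, n = {}, 0
    for line in output.splitlines():
        m = HOP.match(line)
        if m and int(m.group(1)) == n + 1:   # next hop in sequence
            n += 1
            hops[n] = m.group(2)
        elif n:                              # wrapped or extra-gateway line
            hops[n] += " " + line.strip()
    for hop, text in hops.items():
        if dest_ip in IPV4.findall(text):
            return hop, median(float(x) for x in RTT.findall(text))
    return None

def looks_intercepted(tcp_out, plain_out, dest_ip):
    """True when the TCP trace reaches dest_ip in fewer hops than the plain trace."""
    tcp, plain = dest_hop(tcp_out, dest_ip), dest_hop(plain_out, dest_ip)
    return bool(tcp and plain) and tcp[0] < plain[0]

# Hop lines copied from the message above (mail-wrapped lines rejoined).
DEST = "64.233.161.99"
TCP_TRACE = """\
 1  * 10.17.1.1 7.865 ms *
 2  10.101.1.25 10.882 ms 13.205 ms 7.474 ms
 3  publica1.fibertel.com.ar (24.232.1.1) 7.483 ms 5.732 ms 8.831 ms
 4  64.233.161.99 [open] 7.639 ms 32.874 ms 13.350 ms
"""
PLAIN_TRACE = """\
 1  * * *
 2  10.101.1.25 (10.101.1.25) 10.071 ms 8.694 ms 28.814 ms
 3  publica1.fibertel.com.ar (24.232.1.1) 7.851 ms 26.046 ms 11.893 ms
 4  10.101.21.85 (10.101.21.85) 11.420 ms 21.271 ms 8.380 ms
 5  bai1-cablevision-1-ar.bai.seabone.net (195.22.220.45) 7.919 ms 9.622 ms 20.910 ms
 6  ash1-new1-racc1.new.seabone.net (195.22.216.169) 188.225 ms 198.841 ms 183.207 ms
 7  eqixva-google-gige.google.com (206.223.115.21) 184.185 ms 183.390 ms 201.727 ms
 8  216.239.47.120 (216.239.47.120) 186.700 ms 183.013 ms
    216.239.49.248 (216.239.49.248) 183.718 ms
 9  216.239.48.190 (216.239.48.190) 186.032 ms 184.994 ms
    216.239.48.198 (216.239.48.198) 183.713 ms
10  64.233.161.99 (64.233.161.99) 183.273 ms 184.863 ms 186.683 ms
"""
```

The median RTT returned for each trace gives a second signal: here the TCP probe is answered in about 13 ms while the real path takes about 185 ms.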