Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Port Scanning with Languard and nmap question

From: "Andy Cuff" <lists () securitywizardry com>
Date: Fri, 29 Oct 2004 17:48:02 +0100
Carl,
Firstly, LANguard in it's default profile doesn't look for 69
(surprisingly!) or 177.  I'd suggest you check the actual host to see if it
does have those ports open, if it does it is a LANguard issue if not then
nmap.  You may wish to upgrade your nmap to 3.75, you don't mention which
version of LANguard you are using, latest is 5.  If you're still drawing a
blank you could fire up a protocol analyzer and check the type of packets
used by each product to elicit the port information, there may be some
protection that will block the LANguard and not nmap, which by it's nature
can get by some protective mechanisms.  I'm on a train at the moment
otherwise I'd have done this just to satisfy my own curiosity.

   Regards
   -andy cuff
The Talisker Network Security Portal
http://securitywizardry.com 
Computer Network Defence Ltd

-----Original Message-----
From: Carl Wilson [mailto:chwilson0607 () yahoo com] 
Sent: 28 October 2004 16:17
To: security-basics () securityfocus com
Subject: Port Scanning with Languard and nmap question

I scan network devices (such as network
copier/scanners) for open ports and services running
before allowing our users to permanently hook them to
the network. I use nmap 3.70 and Languard. My question
is why do I see different results when both are
configured to look for the same range of ports? (TCP
and UDP) Primarily, the UDP scan of the device returns
ports 53 (DNS), 69 (TFTP), 177 (xdmcp), and 445 (SMB).
Most all the time, Languard does not detect 53, 69,
and 177. 

We had the local user run the scan directly connected
to the device and their results did not find 53, 69,
or 177 open. Any ideas why? Is there something in
scanning across a WAN which would cause these ports to
show as open? Thanks.

Carl

=====
Carl H. Wilson


                
__________________________________
Do you Yahoo!?
Yahoo! Mail Address AutoComplete - You start. We finish.
http://promotions.yahoo.com/new_mail 

---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.782 / Virus Database: 528 - Release Date: 22/10/2004
 

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.782 / Virus Database: 528 - Release Date: 22/10/2004
Previous By Date Next
Previous By Thread Next

Current thread: