Nmap Development mailing list archives

Re: Here's something to ponder...

From: Martin Mačok <martin.macok () underground cz>
Date: Wed, 6 Jul 2005 09:44:44 +0200

On Wed, Jul 06, 2005 at 10:28:11AM +1200, Craig Humphrey wrote:

25/tcp   open   smtp?

OS details: Microsoft Windows Server 2003 Standard Edition

SF-Port25-TCP:V=3.81%D=7/6%Time=42CAFFC2%P=i686-pc-windows-windows%r(NUL
L,
SF:76,"220\x20\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*


This looks like there is a PIX firewall with "smtp fixup" turned on in
front of the scanned machine. The PIX could also explain why Nmap
detects it as W2K3 because PIX filters out some OS fingerprinting
packets so the responds looks more like from W2K3 ...

Martin Mačok
ICT Security Consultant


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev

Current thread:

Here's something to ponder... Craig Humphrey (Jul 05)
- Re: Here's something to ponder... Ron (Jul 05)
- Re: Here's something to ponder... Martin Mačok (Jul 06)