Strange nmap behaviour

Installation and configuration of network software.
az
Piegowaty Guziec
Posts: 19
Joined: 14 Sep 2007, 14:14
Gender: Male
Ubuntu version: 8.10
Desktop environment: GNOME

Post by: az »

sudo nmap -T Aggressive -sV -n -O -v PN localhost

Starting Nmap 4.62 ( http://nmap.org ) at 2009-03-12 16:15 CET
Initiating Ping Scan at 16:15
Scanning 80.68.93.100 [2 ports]
Completed Ping Scan at 16:15, 0.06s elapsed (1 total hosts)
Initiating SYN Stealth Scan at 16:15
Scanning 80.68.93.100 [1715 ports]
Discovered open port 25/tcp on 80.68.93.100
Discovered open port 80/tcp on 80.68.93.100
Discovered open port 21/tcp on 80.68.93.100
Discovered open port 22/tcp on 80.68.93.100
Discovered open port 53/tcp on 80.68.93.100
Discovered open port 110/tcp on 80.68.93.100
Discovered open port 995/tcp on 80.68.93.100
Completed SYN Stealth Scan at 16:16, 10.67s elapsed (1715 total ports)
Initiating Service scan at 16:16
Scanning 7 services on 80.68.93.100
Completed Service scan at 16:16, 34.02s elapsed (7 services on 1 host)
Initiating OS detection (try #1) against 80.68.93.100
Retrying OS detection (try #2) against 80.68.93.100
SCRIPT ENGINE: Initiating script scanning.
Host 80.68.93.100 appears to be up ... good.
Interesting ports on 80.68.93.100:
Not shown: 1707 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp ProFTPD 1.2.10
22/tcp open ssh OpenSSH 3.8.1p1 Debian 8.sarge.4 (protocol 2.0)
25/tcp open smtp Exim smtpd 3.36
53/tcp open domain ISC BIND 8.4.6-REL-NOESW
80/tcp open http Apache httpd 2.0.54 ((Debian GNU/Linux) PHP/4.3.10-15)
110/tcp open pop3 UW Imap pop3d 2003.83
995/tcp open pop3s?
1720/tcp filtered H.323/Q.931
Device type: general purpose|switch|PDA|media device|VoIP gateway|broadband router|WAP
Running (JUST GUESSING) : Linux 2.6.X|2.4.X (93%), QLogic embedded (93%), Sharp Linux 2.4.X (93%), Emprex Linux 2.6.X (92%), Occam embedded (92%)
Aggressive OS guesses: Linux 2.6.17 - 2.6.18 (93%), Linux 2.6.9 - 2.6.20 (Fedora Core 5 or 6) (93%), Linux 2.4.21 - 2.4.33 (93%), QLogic SANbox2-8 FC switch or Sharp Zaurus PDA (Linux 2.4.18) (93%), Emprex ME1 Multimedia Enclosure media server (Linux 2.6.12) (92%), Occam ONT ON2342 Voice/Video over IP box (92%), Linux 2.4.28 - 2.4.30 (91%), Linux 2.4.31 w/grsec (x86) (91%), Linux 2.6.13 - 2.6.24 (91%), Linux 2.6.15-27 (Ubuntu) (91%)
No exact OS matches for host (test conditions non-ideal).
Uptime: 49.887 days (since Wed Jan 21 19:01:32 2009)
Network Distance: 14 hops
TCP Sequence Prediction: Difficulty=196 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: Host: tedside.pitcairn.net.pn; OSs: Unix, Linux

Initiating SYN Stealth Scan at 16:18
Scanning 127.0.0.1 [1715 ports]
Discovered open port 80/tcp on 127.0.0.1
Discovered open port 113/tcp on 127.0.0.1
Discovered open port 631/tcp on 127.0.0.1
Discovered open port 9050/tcp on 127.0.0.1
Discovered open port 8118/tcp on 127.0.0.1
Discovered open port 3306/tcp on 127.0.0.1
Completed SYN Stealth Scan at 16:18, 0.23s elapsed (1715 total ports)
Initiating Service scan at 16:18
Scanning 6 services on 127.0.0.1
Completed Service scan at 16:19, 72.38s elapsed (6 services on 1 host)
Initiating OS detection (try #1) against 127.0.0.1
SCRIPT ENGINE: Initiating script scanning.
Host 127.0.0.1 appears to be up ... good.
Interesting ports on 127.0.0.1:
Not shown: 1709 closed ports
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd
113/tcp open auth?
631/tcp open ipp CUPS 1.3
3306/tcp open mysql MySQL 5.0.67-0ubuntu6
8118/tcp open privoxy?
9050/tcp open tor-socks Tor SOCKS Proxy
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.17 - 2.6.23
Uptime: 0.214 days (since Thu Mar 12 11:11:07 2009)
Network Distance: 0 hops
TCP Sequence Prediction: Difficulty=205 (Good luck!)
IP ID Sequence Generation: All zeros

Read data files from: /usr/share/nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 2 IP addresses (2 hosts up) scanned in 205.471 seconds
Raw packets sent: 3718 (168.168KB) | Rcvd: 5418 (229.050KB)
Why does this happen? Under Debian it works normally, it scans only localhost, and not some wild IP..

tydell
Serdeczny Borsuk
Posts: 186
Joined: 12 Oct 2007, 21:09
Gender: Male
Ubuntu version: other OS
Desktop environment: Other
Architecture: x86

Re: Strange nmap behaviour

Post by: tydell »

Why a wild IP? It scanned normally, localhost and 127.0.0.1, that is, it scanned your computer by domain name and by IP address, that's normal.
On my machine it looks like this:

Code:

[tydell@myhost Desktop]$ sudo nmap -T Aggressive -sV -n -O -v PN localhost

Starting Nmap 4.76 ( http://nmap.org ) at 2009-03-12 17:17 CET
Initiating Ping Scan at 17:17
Scanning 80.68.93.100 [2 ports]
Completed Ping Scan at 17:17, 0.05s elapsed (1 total hosts)
Initiating SYN Stealth Scan at 17:17
Scanning 80.68.93.100 [1000 ports]
Discovered open port 80/tcp on 80.68.93.100
Discovered open port 22/tcp on 80.68.93.100
Discovered open port 25/tcp on 80.68.93.100
Discovered open port 53/tcp on 80.68.93.100
Discovered open port 21/tcp on 80.68.93.100
Discovered open port 110/tcp on 80.68.93.100
Discovered open port 995/tcp on 80.68.93.100
Completed SYN Stealth Scan at 17:18, 7.07s elapsed (1000 total ports)
Initiating Service scan at 17:18
Scanning 7 services on 80.68.93.100
Completed Service scan at 17:18, 20.00s elapsed (7 services on 1 host)
Initiating OS detection (try #1) against 80.68.93.100
Retrying OS detection (try #2) against 80.68.93.100
SCRIPT ENGINE: Initiating script scanning.
Host 80.68.93.100 appears to be up ... good.
Interesting ports on 80.68.93.100:
Not shown: 992 closed ports
PORT    STATE    SERVICE      VERSION
21/tcp  open     ftp          ProFTPD 1.2.10
22/tcp  open     ssh          OpenSSH 3.8.1p1 Debian 8.sarge.4 (protocol 2.0)
25/tcp  open     smtp         Exim smtpd 3.36
53/tcp  open     domain       ISC BIND 8.4.6-REL-NOESW
80/tcp  open     http         Apache httpd 2.0.54 ((Debian GNU/Linux) PHP/4.3.10-15)
110/tcp open     pop3         UW Imap pop3d 2003.83
445/tcp filtered microsoft-ds
995/tcp open     ssl/pop3     UW Imap pop3d 2003.83
Device type: general purpose|WAP|switch|print server|broadband router
Running (JUST GUESSING) : Linux 2.6.X (94%), Actiontec Linux 2.4.X (93%), HP embedded (93%), Linksys embedded (93%), Netgear embedded (93%), Linksys Linux 2.4.X (92%), Acorp embedded (92%), MontaVista Linux 2.4.X (92%)
Aggressive OS guesses: Linux 2.6.20 (Ubuntu 7.04 server, x86) (94%), Linux 2.6.9 - 2.6.24 (94%), HP Brocade 4100 switch; or Actiontec MI-424-WR, Linksys WRVS4400N, or Netgear WNR834B wireless broadband router (93%), HP Brocade 4Gb SAN switch (93%), Linksys WRT300N wireless broadband router (93%), Linux 2.6.24 (Ubuntu 8.04, x86) (93%), Linux 2.4.20 (92%), HP 4200 PSA (Print Server Appliance) model J4117A (92%), Acorp W400G or W422G wireless ADSL modem (MontaVista Linux 2.4.17) (92%), MontaVista Linux 2.4.17 (92%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 49.928 days (since Wed Jan 21 19:01:37 2009)
TCP Sequence Prediction: Difficulty=203 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: Host: tedside.pitcairn.net.pn; OSs: Unix, Linux

Initiating SYN Stealth Scan at 17:18
Scanning 127.0.0.1 [1000 ports]
Completed SYN Stealth Scan at 17:18, 0.06s elapsed (1000 total ports)
Initiating Service scan at 17:18
Initiating OS detection (try #1) against 127.0.0.1
Retrying OS detection (try #2) against 127.0.0.1
SCRIPT ENGINE: Initiating script scanning.
Host 127.0.0.1 appears to be up ... good.
All 1000 scanned ports on 127.0.0.1 are closed
Too many fingerprints match this host to give specific OS details
Network Distance: 0 hops

Read data files from: /usr/share/nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 2 IP addresses (2 hosts up) scanned in 33.56 seconds
           Raw packets sent: 2163 (99.904KB) | Rcvd: 3116 (131.191KB)
In your case it simply spat out a bit more about the port
8118/tcp open privoxy?
and specifically:
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
SF-Port8118-TCP .........

Re: Strange nmap behaviour

Post by: az »

100.93.68.80.in-addr.arpa domain name pointer tedside.pitcairn.net.pn.

That's why it's wild.. because it's not mine, I have Neostrada, and besides, in your output it scans the same one at the start..

Re: Strange nmap behaviour

Post by: tydell »

Sure, it's just that this service makes a test connection with
Scanning 80.68.93.100 [1000 ports]
and then tests the ports on the local machine to see whether they are open, a kind of test from the outside, as it were.
And as for this:
100.93.68.80.in-addr.arpa domain name pointer tedside.pitcairn.net.pn.
note that it is the same IP, only in reverse order (read up on ARP, RARP and the in-addr.arpa domain), and this IP is assigned to the domain tedside.pitcairn.net.pn

Re: Strange nmap behaviour

Post by: az »

lol, I know, that's exactly what I'm writing to you about, that it scans some IP I didn't ask for at all.. I pasted you the output of the host command to confirm that this IP has nothing to do with my network..

Re: Strange nmap behaviour

Post by: tydell »

Then scan with

Code:

nmap -PE -v -p1-65535 -PA21,23,80,3389 -A -T4 localhost
- Intense scan, all TCP ports

or use zenmap, it's nmap with a GUI
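
Added example, not part of any post in this thread: nmap treats every command-line argument that is not an option or an option's argument as a target, so a token such as `PN` typed without its leading dash is resolved as a hostname and scanned. The sketch below flags such tokens in a command and lists addresses in verbose nmap output that fall outside the networks you meant to scan; `OPTION_NAMES`, `dashless_options` and `unexpected_targets` are hypothetical names, and the option list is deliberately non-exhaustive.

```python
import ipaddress
import re
import shlex

# Non-exhaustive set of real nmap option names (assumption: extend as needed).
# A bare token equal to one of these is almost certainly an option that lost
# its leading dash and will be treated by nmap as a target hostname.
OPTION_NAMES = {"PN", "Pn", "PE", "PS", "PA", "sS", "sT", "sU", "sV", "sL", "sP", "sn"}

# Matches "Scanning <IPv4> [N ports]" but not "Scanning 7 services on ...".
SCANNING_RE = re.compile(r"^Scanning (\d{1,3}(?:\.\d{1,3}){3}) \[\d+ ports\]")


def dashless_options(command):
    """Return tokens that look like nmap options written without '-'."""
    return [tok for tok in shlex.split(command) if tok in OPTION_NAMES]


def unexpected_targets(nmap_output, allowed_networks):
    """Return scanned addresses that fall outside every allowed network."""
    allowed = [ipaddress.ip_network(net) for net in allowed_networks]
    seen = []
    for line in nmap_output.splitlines():
        match = SCANNING_RE.match(line.strip())
        if not match:
            continue
        addr = ipaddress.ip_address(match.group(1))
        if addr not in seen and not any(addr in net for net in allowed):
            seen.append(addr)
    return [str(addr) for addr in seen]


# Command and output lines excerpted from the first post in this thread.
COMMAND = "sudo nmap -T Aggressive -sV -n -O -v PN localhost"
OUTPUT = """\
Initiating Ping Scan at 16:15
Scanning 80.68.93.100 [2 ports]
Initiating SYN Stealth Scan at 16:15
Scanning 80.68.93.100 [1715 ports]
Scanning 7 services on 80.68.93.100
Initiating SYN Stealth Scan at 16:18
Scanning 127.0.0.1 [1715 ports]
Nmap done: 2 IP addresses (2 hosts up) scanned in 205.471 seconds
"""

if __name__ == "__main__":
    print("dashless options:", dashless_options(COMMAND))
    print("unexpected targets:", unexpected_targets(OUTPUT, ["127.0.0.0/8"]))
```

Running the same check on a `-sL` list scan first shows which addresses a command would cover before any port is probed.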