LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 05-31-2006, 11:43 PM   #1
Andriy
Member
 
Registered: Dec 2005
Distribution: Slackware, SLAX, Redhat, Fedora
Posts: 133

Rep: Reputation: 15
Question Different nmap results


I tried to use -sS scan on two addresses. First on localhost and the second on my external ip. The thing is, I get different results which makes me confused. Based on my settings, the localhost results seem to be the correct one while the scan on the external ip is reporting that I have open ports even for apps/services that I don't even use. Is this something that can be a cause for alarm or something? Thanks in advance guys.
 
Old 06-01-2006, 01:52 AM   #2
Linux~Powered
Member
 
Registered: Jan 2004
Location: /lost+found
Distribution: Slack`er-current
Posts: 845

Rep: Reputation: 31
Just because you're not using the applications on those ports doesn't mean those ports aren't open. What is nmap showing as open? Also, run netstat -tulnap to get a list or ports that are open.
 
Old 06-01-2006, 04:43 AM   #3
Andriy
Member
 
Registered: Dec 2005
Distribution: Slackware, SLAX, Redhat, Fedora
Posts: 133

Original Poster
Rep: Reputation: 15
I don't see the open ports as reported with nmap -sS using my external ip.

in external ip it says:

PORT STATE SERVICE
21/tcp open ftp
23/tcp open telnet
80/tcp open http

and i know i have shutdown those services . . .

however, this comes out when scan 127.0.0.1:

PORT STATE SERVICE
22/tcp open ssh
37/tcp open time
113/tcp open auth
631/tcp open ipp

and i believe that is more correct than the former. so, can anyone enlighten me further?

also when i do a netstat -tulnap none of those ports listed when i scan the external ip showed up.
 
Old 06-01-2006, 08:22 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,307
Blog Entries: 54

Rep: Reputation: 2857Reputation: 2857Reputation: 2857Reputation: 2857Reputation: 2857Reputation: 2857Reputation: 2857Reputation: 2857Reputation: 2857Reputation: 2857Reputation: 2857
For "open" read "accessable" or better: "unfiltered". Next to that nmap uses it's own number-to-port mapping similar to /etc/services and just like the services file it's a *static* mapping. So, to extract information and confirm, if a port is "open" and there is service bound to it, use the version scan option. BTW, scanning localhost uses loopback which usually is excluded from filtering in the firewall and so gives a skewed picture of what is accessable. Best way is to scan from a box that's not in your LAN or use on of the free online services.


netstat -tulnap
"a" vs "l"...
 
  


Reply

Tags
nmap


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
nmap results not correct? bobwall Linux - Networking 1 05-27-2005 03:31 AM
please help me,i m desperate.nmap results el3ctronic Linux - Security 4 03-01-2005 10:24 AM
nmap scan results ! dimgr Linux - Security 3 01-21-2005 12:39 PM
nmap results djcomplex Linux - Software 3 03-20-2004 01:46 PM
nmap results richlawson Linux - Security 6 12-16-2003 03:26 PM


All times are GMT -5. The time now is 07:42 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration