Quote:
Originally Posted by cbjhawks
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2007-12-31 12:33 CST
Interesting ports on localhost (127.0.0.1):
Not shown: 1677 closed ports
PORT STATE SERVICE
25/tcp open smtp
111/tcp open rpcbind
631/tcp open ipp
Nmap finished: 1 IP address (1 host up) scanned in 0.201 seconds
You scanned localhost. It's normal to get results such as this even while being completely stealth-firewalled on the real network interface. You'll need to scan said interface to get some more meaningful results. One thing you can also do is have a look at the services, as you'll see what addresses they are listening on. Check it:
Code:
win32sux@candystore:~$ netstat -an --inet | grep LISTEN
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:80 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:8118 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:9050 0.0.0.0:* LISTEN
As you can see, I've got several services - but they are only listening on localhost.
Nmap will show ports open for localhost:
Code:
win32sux@candystore:~$ nmap localhost
Starting Nmap 4.20 ( http://insecure.org ) at 2007-12-31 15:34 EST
Interesting ports on localhost (127.0.0.1):
Not shown: 1693 closed ports
PORT STATE SERVICE
25/tcp open smtp
80/tcp open http
631/tcp open ipp
3306/tcp open mysql
Nmap finished: 1 IP address (1 host up) scanned in 0.174 seconds
But for my actual NIC IP it's a different story:
Code:
win32sux@candystore:~$ nmap 192.168.1.100
Starting Nmap 4.20 ( http://insecure.org ) at 2007-12-31 15:35 EST
All 1697 scanned ports on 192.168.1.100 are closed
Nmap finished: 1 IP address (1 host up) scanned in 0.182 seconds
That said, nothing beats an actual remote scan - you'll need to perform one if you want a real-world assessment. Do you have another GNU/Linux box available where you could scan from? Hopefully you'll get results like this:
Code:
win32sux@batcave:~$ nmap 192.168.1.100
Starting Nmap 4.20 ( http://insecure.org ) at 2007-12-31 15:54 EST
Note: Host seems down. If it is really up, but blocking our ping probes, try -P0
Nmap finished: 1 IP address (0 hosts up) scanned in 4.046 seconds
win32sux@batcave:~$ nmap -P0 192.168.1.100
Starting Nmap 4.20 ( http://insecure.org ) at 2007-12-31 15:55 EST
All 1697 scanned ports on 192.168.1.100 are filtered
Nmap finished: 1 IP address (1 host up) scanned in 351.129 seconds
These remote scan results make sense, considering I have a stealth firewall config:
Code:
win32sux@candystore:~$ sudo iptables -nvL INPUT
Chain INPUT (policy DROP 2765 packets, 258K bytes)
pkts bytes target prot opt in out source destination
837K 779M ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
8502 510K ACCEPT 0 -- lo * 0.0.0.0/0 0.0.0.0/0
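
The bind-address check described in the post above, as an added example that is not part of the original post: it reads `netstat -an --inet` lines and labels each listening TCP socket by whether it is bound to loopback, to one interface, or to all interfaces. The function names are hypothetical, and the sample input is constructed (the two 127.0.0.1 lines are taken from the post, the other three are made up).

```shell
#!/bin/sh
# Constructed sample in `netstat -an --inet` format. The two 127.0.0.1 lines
# appear in the post; the remaining three are invented for illustration.
sample_listeners() {
cat <<'EOF'
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 192.168.1.100:8080 0.0.0.0:* LISTEN
tcp 0 0 192.168.1.100:51000 10.0.0.5:443 ESTABLISHED
EOF
}

# classify_listeners (hypothetical helper): read netstat lines on stdin and
# print "<scope> <port> <bind address>" for every TCP socket in LISTEN state.
classify_listeners() {
    awk '
    $1 ~ /^tcp/ && $NF == "LISTEN" {
        bind = $4
        n = split(bind, parts, ":")       # port is the text after the last colon
        port = parts[n]
        addr = substr(bind, 1, length(bind) - length(port) - 1)
        if (addr ~ /^127\./)         scope = "loopback-only"
        else if (addr == "0.0.0.0")  scope = "all-interfaces"
        else                         scope = "single-interface"
        print scope, port, addr
    }'
}

# exposed_ports (hypothetical helper): ports a remote host could reach unless
# the firewall drops the traffic, as a sorted, space-separated list.
exposed_ports() {
    classify_listeners | awk '$1 != "loopback-only" { print $2 }' \
        | sort -n | tr '\n' ' ' | sed 's/ $//'
}

# Demonstration on the constructed sample.
sample_listeners | classify_listeners
```

To check a real host, pipe `netstat -an --inet` into `classify_listeners` instead of the sample.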