Debian SID users: help me by running an nmap on localhost
Hello. This thread is for users of up-to-date Debian SID systems. Run an nmap on localhost and tell me the values of "TCP Sequence Prediction: Difficulty" and "IPID Sequence Generation". Run:
Code:
nmap -A -O -vv 127.0.0.1
The reason for this request is that, after issuing the above command on my box, I found the "Difficulty" value to be surprisingly low [~ 200] and "IPID Seq Gen:" to be "All zeros". I'm trying to find out if this is normal behavior with up-to-date SID boxes or just a personal problem. Also, should anyone know how to "fix" this, please tell me. I'm not afraid of custom [configured] kernels, nor of modifying the kernel source.
Should this turn out to be a Deb Unstable specific thing, if anyone knows details [i.e. urls to debian mailing list archives about this stuff or whatever]; please let me know.
Starting Nmap 4.20 ( http://insecure.org ) at 2006-12-18 17:52 EST
Initiating SYN Stealth Scan at 17:52
Scanning orders.webpower.com (127.0.0.1) [1697 ports]
Completed SYN Stealth Scan at 17:52, 0.09s elapsed (1697 total ports)
Initiating Service scan at 17:52
Warning: OS detection for 127.0.0.1 will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
Initiating OS detection (try #1) against orders.webpower.com (127.0.0.1)
Retrying OS detection (try #2) against orders.webpower.com (127.0.0.1)
Initiating gen1 OS Detection against 127.0.0.1 at 1.800s
Warning: OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
Host orders.webpower.com (127.0.0.1) appears to be up ... good.
All 1697 scanned ports on orders.webpower.com (127.0.0.1) are closed
Too many fingerprints match this host to give specific OS details
TCP/IP fingerprint by osscan system #2:
SCAN(V=4.20%D=12/18%OT=%CT=1%CU=39647%PV=N%DS=0%G=N%TM=45871BAE%P=i686-pc-linux-gnu)
T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
U1(R=Y%DF=N%T=40%TOS=C0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
IE(R=Y%DFI=N%T=40%TOSI=S%CD=S%SI=S%DLI=S)
Network Distance: 0 hops
OS and Service detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ .
Nmap finished: 1 IP address (1 host up) scanned in 5.994 seconds
Raw packets sent: 1721 (77.860KB) | Rcvd: 3437 (147.132KB)
Hm where is everyone getting the info they are posting? The above is what I get.
Running it again I realized that I don't have the latest nmap.
Quote:
root@nyb# nmap -A -O -vv 127.0.0.1
Starting Nmap 4.00 ( http://www.insecure.org/nmap/ ) at 2006-12-19 11:57 CET
DNS resolution of 0 IPs took 0.00s. Mode: Async [#: 2, OK: 0, NX: 0, DR: 0, SF: 0, TR: 0, CN: 0]
Initiating SYN Stealth Scan against gforge (127.0.0.1) [1672 ports] at 11:57
Discovered open port 113/tcp on 127.0.0.1
Discovered open port 21/tcp on 127.0.0.1
Discovered open port 22/tcp on 127.0.0.1
Discovered open port 111/tcp on 127.0.0.1
Discovered open port 8443/tcp on 127.0.0.1
Discovered open port 8081/tcp on 127.0.0.1
Discovered open port 8080/tcp on 127.0.0.1
The SYN Stealth Scan took 0.17s to scan 1672 total ports.
Initiating service scan against 7 services on gforge (127.0.0.1) at 11:57
The service scan took 66.14s to scan 7 services on 1 host.
Initiating RPCGrind Scan against gforge (127.0.0.1) at 11:58
The RPCGrind Scan took 0.09s to scan 1 ports on gforge (127.0.0.1).
For OSScan assuming port 21 is open, 1 is closed, and neither are firewalled
For OSScan assuming port 21 is open, 1 is closed, and neither are firewalled
For OSScan assuming port 21 is open, 1 is closed, and neither are firewalled
Host gforge (127.0.0.1) appears to be up ... good.
Interesting ports on gforge (127.0.0.1):
(The 1665 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE VERSION
21/tcp open ftp?
22/tcp open ssh OpenSSH 4.3p2 Debian-7 (protocol 2.0)
111/tcp open rpcbind 2 (rpc #100000)
113/tcp open ident Ident2
8080/tcp open http-proxy WWWOFFLE caching webproxy 2.9a
8081/tcp open blackice-icecap?
8443/tcp open ssl/unknown
2 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port8081-TCP:V=4.00%I=7%D=12/19%Time=4587C595%P=x86_64-unknown-linux-gnu%r(WWWOFFLEctrlstat,1C,"WWWOFFLE\x20Incorrect\x20Password\n");
No exact OS matches for host (If you know what OS is running on it, see http://www.insecure.org/cgi-bin/nmap-submit.cgi).
TCP/IP fingerprint:
SInfo(V=4.00%P=x86_64-unknown-linux-gnu%D=12/19%Tm=4587C5DB%O=21%C=1)
TSeq(Class=RI%gcd=1%SI=2609CE%IPID=Z)
TSeq(Class=RI%gcd=1%SI=260942%IPID=Z)
TSeq(Class=RI%gcd=1%SI=26099C%IPID=Z)
T1(Resp=Y%DF=Y%W=8000%ACK=S++%Flags=AS%Ops=MNNTNW)
T2(Resp=N)
T3(Resp=Y%DF=Y%W=8000%ACK=S++%Flags=AS%Ops=MNNTNW)
T4(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
Not sure what to make of this. Either NMap is reporting badly.. or.. ehh.. no idea what. I noticed one time it said my UpTime was over 150 days and I had the computer up for less than half an hour :-/
I don't have a modif. /etc/systune.conf; nor do I run a firewall. My /etc/sysctl.conf however:
That explains why both versions of NMap say "Good Luck". But what it doesn't explain is why they report diff. TCP sequence prediction difficulty indexes.
UPDATE:
Was looking through the NMAP ChangeLog and found this:
Quote:
Fixed a TCP sequence prediction difficulty indicator bug. The index
is supposed to go from 0 ("trivial joke") to about 260 (OpenBSD).
But some systems..
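Added example, not part of any post in this thread: a small Python parser for the `TSeq(...)` lines that Nmap 4.00 printed above. It decodes the hexadecimal `SI` value and collects the `Class` and `IPID` fields so that runs from different machines can be compared field by field. The function names are this example's own, and `SAMPLE` is copied from the fingerprint posted in the thread.

```python
import re

# Sample input: fingerprint lines as posted in the thread (Nmap 4.00 output).
SAMPLE = """\
TSeq(Class=RI%gcd=1%SI=2609CE%IPID=Z)
TSeq(Class=RI%gcd=1%SI=260942%IPID=Z)
TSeq(Class=RI%gcd=1%SI=26099C%IPID=Z)
T1(Resp=Y%DF=Y%W=8000%ACK=S++%Flags=AS%Ops=MNNTNW)
T2(Resp=N)
T4(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
"""

# One fingerprint test per line: Name(key=value%key=value...)
LINE_RE = re.compile(r"^\s*([A-Za-z0-9]+)\((.*)\)\s*$")


def parse_fingerprint(text):
    """Return a list of (test_name, {field: value}) for each fingerprint line."""
    tests = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip banners, prose and blank lines
        fields = {}
        for item in m.group(2).split("%"):
            key, sep, value = item.partition("=")
            if sep:  # ignore fragments that carry no '='
                fields[key] = value  # value may be empty, e.g. "Ops="
        tests.append((m.group(1), fields))
    return tests


def summarize_tseq(text):
    """Collect the sequence-related fields across all TSeq probes."""
    probes = [f for name, f in parse_fingerprint(text) if name == "TSeq"]
    si = [int(f["SI"], 16) for f in probes if "SI" in f]  # SI is printed in hex
    return {
        "probes": len(probes),
        "si_values": si,
        "si_spread": max(si) - min(si) if si else None,
        "classes": sorted({f.get("Class", "?") for f in probes}),
        "ipid": sorted({f.get("IPID", "?") for f in probes}),
    }


if __name__ == "__main__":
    for key, value in summarize_tseq(SAMPLE).items():
        print(f"{key}: {value}")
```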