LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 08-24-2007, 11:47 AM   #1
aq_mishu
Member
 
Registered: Sep 2005
Location: Bangladesh
Distribution: RH 7.2, 8, 9, Fedora
Posts: 217

Rep: Reputation: 30
Exclamation nmap security problem


I was trying to check a host say (www.mydomain.com) using nmap. There basically i should get something like...
Code:
[root@test root]# nmap www.mydomain.com

Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2007-08-24 21:39 UTC
Interesting ports on www.mydomain.com (2.2.2.2):
(The 1656 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
53/tcp   open  domain
80/tcp   open  http
111/tcp  open  rpcbind
443/tcp  open  https
3306/tcp open  mysql

Nmap finished: 1 IP address (1 host up) scanned in 0.177 seconds
But i get something like this:...
Code:
[root@test root]# nmap www.adomain.com

Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2007-08-24 21:43 UTC
sendto in send_ip_packet: sendto(3, packet, 40, 0, 3.3.3.3, 16) => Operation not permitted
sendto in send_ip_packet: sendto(3, packet, 40, 0, 3.3.3.3, 16) => Operation not permitted
sendto in send_ip_packet: sendto(3, packet, 40, 0, 3.3.3.3, 16) => Operation not permitted
sendto in send_ip_packet: sendto(3, packet, 40, 0, 3.3.3.3, 16) => Operation not permitted
sendto in send_ip_packet: sendto(3, packet, 40, 0, 3.3.3.3, 16) => Operation not permitted
sendto in send_ip_packet: sendto(3, packet, 40, 0, 3.3.3.3, 16) => Operation not permitted
caught SIGINT signal, cleaning up
This seems to me that the server is very secured and i also tried other options like -sS -sU -v -O -D A.B.C.D

But same result... if this tells me that that remote server is a secured server (since i cant scan that even), then i wanna make my one like this... so others cant scan me using the same way... how??
 
Old 08-24-2007, 11:53 AM   #2
bsdunix
Senior Member
 
Registered: May 2006
Distribution: BeOS, BSD, Caldera, CTOS, Debian, LFS, Mac, Mandrake, Red Hat, Slackware, Solaris, SuSE
Posts: 1,761

Rep: Reputation: 80
See if this thread helps:

http://seclists.org/nmap-dev/2005/q2/0038.html

and this one:

http://www.linuxquestions.org/questi...d.php?t=322152
 
Old 08-24-2007, 12:21 PM   #3
aq_mishu
Member
 
Registered: Sep 2005
Location: Bangladesh
Distribution: RH 7.2, 8, 9, Fedora
Posts: 217

Original Poster
Rep: Reputation: 30
RE::

Tried... read... but output is zero...

well, let me explain more... I am sitting on 192.168.0.10 and i was doing nmap on 172.16.0.10

Now when i nmap myself, (192.168.0.10) it gives me results as usual...

but when i nmap 172.16.0.10, it gives me
sendto in send_ip_packet: sendto(3, packet, 40, 0, 172.168.0.10, 16) => Operation not permitted

Now, I dont know why this (172.16.0.10) is responding like this...(it responds to ping) but if this is a good sign of security (because i cant scan that 172.16.0.10) then how can i make my machine (192.168.0.10) exactly like that one (172.168.0.10) so others cant scan me....
 
Old 08-24-2007, 03:07 PM   #4
bsdunix
Senior Member
 
Registered: May 2006
Distribution: BeOS, BSD, Caldera, CTOS, Debian, LFS, Mac, Mandrake, Red Hat, Slackware, Solaris, SuSE
Posts: 1,761

Rep: Reputation: 80
According to the changelog, that was supposed to be fixed in version 3.81:

"Changed IP protocol scan (-sO) so that it sends valid ICMP, TCP, and
UDP headers when scanning protocols 1, 6, and 17, respectively. An
empty IP header is still sent for all other protocols. This should
prevent the error messages such as "sendto in send_ip_packet:
sendto(3, packet, 20, 0, 192.31.33.7, 16) => Operation not
permitted" that Linux (and perhaps other systems) would give when
they try to interpret the raw packet. This also makes it more
likely that these protocols will elicit a response, proving that the
protocol is "open"."


http://insecure.org/nmap/changelog.html

Your using version 3.81, try a newer and see what happens.
 
Old 09-01-2007, 02:38 PM   #5
aq_mishu
Member
 
Registered: Sep 2005
Location: Bangladesh
Distribution: RH 7.2, 8, 9, Fedora
Posts: 217

Original Poster
Rep: Reputation: 30
Trying ....
 
Old 09-01-2007, 02:49 PM   #6
aq_mishu
Member
 
Registered: Sep 2005
Location: Bangladesh
Distribution: RH 7.2, 8, 9, Fedora
Posts: 217

Original Poster
Rep: Reputation: 30
Question

Code:
[root@node1 root]# nmap -sS -sU -O -v -P0 -D 192.168.0.1 'www.mydomain.com'

Starting Nmap 4.20 ( http://insecure.org ) at 2007-09-02 00:46 BDT
caught SIGSEGV signal, cleaning up
Aborted
[root@node1 root]#
This was found when i did the nmap to my server. Also when i do only "nmap www.mydomain.com" i get the same. And same for any other machines. what is it for??

Mishu~~
 
Old 09-01-2007, 05:35 PM   #7
bsdunix
Senior Member
 
Registered: May 2006
Distribution: BeOS, BSD, Caldera, CTOS, Debian, LFS, Mac, Mandrake, Red Hat, Slackware, Solaris, SuSE
Posts: 1,761

Rep: Reputation: 80
http://en.wikipedia.org/wiki/SIGSEGV

Basically you've got a program that's not behaving correctly.

I compiled from source and installed version 4.20 on my Slackware 11.0 box and was able to use nmap without problem.

Did you build 4.20 from source? If so, were there any unusual errors? If you installed from source, there is a rpm version on the download page.

http://download.insecure.org/nmap/di....20-1.i386.rpm
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
nmap ? how do i do nmap in linux ? command not found abbasakhtar Linux - Newbie 2 01-02-2011 02:08 AM
nmap problem ding.iitk Linux - Networking 3 07-19-2006 02:20 PM
LXer: Nmap: A valuable open source tool for network security LXer Syndicated Linux News 0 05-15-2006 09:54 AM
Newbie Security, Nmap and Hosts.Allow Tutilupo Linux - Security 1 01-16-2004 03:59 AM
nmap security sam00 Linux - Security 8 01-02-2004 09:32 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 11:18 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration