
Strange nmap results



Hi,
Curiosity made me try a scan on my firewall, and it showed me some ports
open.
ftp, ssh, smtp and http are OK, but I don't understand why the other ones are
open. The filtered ones are blocked by my ISP because of the Blaster
worm, but the other ones aren't supposed to be open.
Below are the nmap report and my pf.conf.
#nmap -sS -PT -PI -O -v -T 3 naxalite.ath.cx
Starting nmap V. 3.00 ( www.insecure.org/nmap )
Host dyn-213-36-197-125.ppp.tiscali.fr (213.36.197.125) appears to be up
... good.
Initiating SYN Stealth Scan against dyn-213-36-197-125.ppp.tiscali.fr
(213.36.197.125)
Adding open port 80/tcp
Adding open port 21/tcp
Adding open port 2049/tcp
Adding open port 37/tcp
Adding open port 111/tcp
Adding open port 915/tcp
Adding open port 1720/tcp
Adding open port 389/tcp
Adding open port 22/tcp
Adding open port 25/tcp
The SYN Stealth Scan took 83 seconds to scan 1601 ports.
For OSScan assuming that port 21 is open and port 1 is closed and
neither are firewalled
Interesting ports on dyn-213-36-197-125.ppp.tiscali.fr (213.36.197.125):
(The 1587 ports scanned but not shown below are in state: closed)
Port       State       Service
21/tcp     open        ftp                     
22/tcp     open        ssh                     
25/tcp     open        smtp                    
37/tcp     open        time                    
80/tcp     open        http                    
111/tcp    open        sunrpc                  
135/tcp    filtered    loc-srv                 
139/tcp    filtered    netbios-ssn             
389/tcp    open        ldap                    
445/tcp    filtered    microsoft-ds            
915/tcp    open        unknown                 
1720/tcp   open        H.323/Q.931             
2049/tcp   open        nfs                     
4444/tcp   filtered    krb524                  
Remote operating system guess: OpenBSD 3.0 SPARC with pf "scrub in all" feature
TCP Sequence Prediction: Class=truly random
                         Difficulty=9999999 (Good luck!)
IPID Sequence Generation: Randomized
Nmap run completed -- 1 IP address (1 host up) scanned in 90 seconds
#### Firewall ####
#  ---- Lists and Macros ----  #
Ext = "tun0"
Int = "fxp0"
Loop = "lo0"
IntNet = "192.168.1.0/32"
NoRoute = "{ 127.0.0.1/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8, \
            255.255.255.255/32 }"
OutServicesTCP = "{ http, https, smtp, pop3, 6667, whois, domain, \
            ssh, telnet, ftp, ftp-data, auth, ntp }"
OutServicesUDP = "{ ntp, domain }"
InServices = "{ http, smtp, ssh, auth }"
#  ---- Tables ----  #
#  ---- Options ----  #
# Default policy for rejected packets
set block-policy drop
# lifetime of a state/fragment
set timeout interval 10
# seconds before an unassembled fragment is expired
set timeout frag 30
# if to log
set loginterface tun0
# entries in the memory pool used for 
#"state table entries/packet reassembly"
set limit { states 20000, frags 20000 }
#avoids dropping idle connections at the expense 
#of greater memory utilization
set optimization normal
#  ---- Scrub ----  #
#scrub all incoming packets on all interfaces
scrub in all
#  ---- Queueing ---- # (?!? typo???)
altq on $Ext priq bandwidth 512Kb queue { q_pri, q_def }
queue q_pri priority 7
queue q_def priority 1 priq(default)
#  ---- NAT ----  #
# performs NAT on tun0
nat on $Ext from $IntNet to any -> $Ext
#  ---- Traffic Redirection ---- #
# ftp-proxy
rdr on $Int proto tcp from any to any port 21 -> $Loop port 8021
# spamd
#rdr inet proto tcp from <spamd> to any port smtp -> $Loop port 783
#  ---- Filter Rules ----  #
# log what's blocked on tun0
block log on $Ext all
# allow everything on fxp0
pass on $Int all
# allow everything on loopback
pass on $Loop all
# prevent from spoofing loopback
antispoof for $Loop
# ACK priority
pass out on $Ext proto tcp from $Ext to any flags S/SA \
        keep state queue (q_def, q_pri)
pass in  on $Ext proto tcp from any to $Ext flags S/SA \
        keep state queue (q_def, q_pri)
# block known private classes ip and log
block in log on $Ext from $NoRoute to any
block out log on $Ext from any to $NoRoute
# allow TCP and UDP services defined to pass through 
pass out on $Ext inet proto udp from any to any port \
        $OutServicesUDP keep state
pass out on $Ext inet proto tcp from any to any port \
        $OutServicesTCP keep state
# allow connection to this host (needed for eggdrop)
pass out on $Ext inet proto tcp from any to 213.41.135.58 keep state
# allow some services from Internet 
pass in on $Ext inet proto tcp from any to any port \
        $InServices keep state
# ftp-proxy port range
pass in on $Ext inet proto tcp from any to $Ext user \
        proxy keep state
pass in on $Ext inet proto tcp from any to any \
        port 49150 <> 50000 keep state
-- 
> Anyway, bring on optical processors that won't run too hot ;-)
Bring on quantum processors; add an ice cube and we'll even be able to
drink them ...
*----- All drunks, I swear! -----*
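
Added example, not part of the original post: a small Python model of how pf evaluates the inbound TCP rules on $Ext from the pf.conf above, to show which rule decides each probed port. It assumes standard pf semantics (without "quick" the last matching rule wins, and "a <> b" is the except-range operator); the rule list is a hand transcription, the scanner address is constructed, and the "user proxy" rule is omitted.

```python
import ipaddress

# Hand transcription of the inbound TCP rules on $Ext from the posted pf.conf,
# in file order. This is a simplified model (assumption), not a pf parser; the
# "user proxy" rule is left out because it depends on socket ownership.
NO_ROUTE = [ipaddress.ip_network(n, strict=False) for n in (
    "127.0.0.1/8", "192.168.0.0/16", "172.16.0.0/12",
    "10.0.0.0/8", "255.255.255.255/32")]
IN_SERVICES = {80, 25, 22, 113}  # http, smtp, ssh, auth

RULES = [
    ("block", "block log on $Ext all",
     lambda src, port: True),
    ("pass", "pass in on $Ext proto tcp from any to $Ext flags S/SA",
     lambda src, port: True),
    ("block", "block in log on $Ext from $NoRoute to any",
     lambda src, port: any(src in net for net in NO_ROUTE)),
    ("pass", "pass in on $Ext ... port $InServices",
     lambda src, port: port in IN_SERVICES),
    # In pf, "a <> b" is the except-range operator: ports < a or > b.
    ("pass", "pass in on $Ext ... port 49150 <> 50000",
     lambda src, port: port < 49150 or port > 50000),
]

def matching_rules(src, port, rules=RULES):
    """Return every rule an inbound SYN matches, in file order."""
    addr = ipaddress.ip_address(src)
    return [(action, text) for action, text, match in rules if match(addr, port)]

def decide(src, port, rules=RULES):
    """pf without 'quick': the last matching rule decides."""
    return matching_rules(src, port, rules)[-1]

def passed_ports(src, ports, rules=RULES):
    """Ports whose deciding rule is a pass rule."""
    return sorted(p for p in ports if decide(src, p, rules)[0] == "pass")

if __name__ == "__main__":
    scanner = "198.51.100.7"  # constructed documentation address
    for port in (22, 111, 389, 2049, 49500):
        action, text = decide(scanner, port)
        print(f"{port:>5}/tcp {action:5} <- {text}")
```

In this model every probed port is passed by one of the two broad rules, so whether nmap reports a port as open or closed depends only on whether something is listening on it.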
