On the Weirdo host I check the iptables firewall and get this: iptables -vL -t filterĬhain INPUT (policy DROP 25288 packets, 1768K bytes) Is this firewall playing tricks on the intense scan probably? Port Scanning the two ips with nmap -sV -T4 -O -F -version-light 12.99.34.255 12.99.0.3 I see that 12.99.34.255 is a Netgear Firewall FVS336Gv2 accessible with the browser (port 80, is open therefore).Ī consecutive (1 seconds after), quick scan (after the intense scan) does result in the same output as the intense scan.Īfter waiting a couple of seconds and then doing the quick scan again it results in the same output as the initial quick scan. When I look at the traceroute then I see the following: TRACEROUTE (using port 199/tcp) So basically the intense scan finds that many more ports are open, but this is paradox, because the intense scan on the Weirdo localhost nmap -T4 -A -v localhost gives also the exact same open port list as the quick scan. means repetition of previous line with different port number ![]() ![]() (every port is shown as open, except a few)Ĭompleted SYN Stealth Scan at 11:49, 18.22s elapsed (1000 total ports) This actually shows the same output as running the quick scan from Weirdo localhost nmap -T4 -F localhost.īut this is the intense scan nmap -T4 -A -v 12.34.56.78: 1/tcp open tcpmux? Nmap done: 1 IP address (1 host up) scanned in 4.15 seconds ![]() So here the quick scan result nmap -T4 -F 12.34.56.78: Starting Nmap 7.01 ( ) at 11:48 CEST I started port scanning a host (lets call it Weirdo) in that small network and from my perspective, it seems that that specific host has some kind of port scanning detector and/or scan result obfuscator thing with iptables going on, because the result coming back from the intense scan differs so much from that of the quick one. I inherited a small network and currently am assessing its security performance.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |