Has anyone else noticed nmap doing false positives on port 21?
Just about every ip I scanned during my current job came up positive, but when I try to connect with an ftp client it's closed. Also OpenVas doesn't show it as open(although scanline from foundstone does).
Anyone know if this is just me or not?
Netcat seems to say everything has 21 open. Try to hit a server on your local domain that doesn't has 21 open, and watch what netcat responds with.
I did scan from home, but in my sleep deprived state I didn't differentiate in my notes what scan was from what location. I *think* both locations gave the same results, but I'm not sure. The pentest is over, so I can't scan again now...
Still not underestimating the power...
There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.