Originally Posted by IAMZOMBIE
have you tried to verify it with netcat? I think you should also check it from a different source machine with a different firewall in front of you ...
m-1-k-3
nmap false positives on port 21?
Has anyone else noticed nmap doing false positives on port 21?
Just about every ip I scanned during my current job came up positive, but when I try to connect with an ftp client it's closed. Also OpenVas doesn't show it as open(although scanline from foundstone does).
Anyone know if this is just me or not?
Thanks
have you tried to verify it with netcat? I think you should also check it from a different source machine with a different firewall in front of you ...
m-1-k-3
Yeah I verified with telnet and telnet didn't see it as open.
Netcat seems to say everything has 21 open. Try to hit a server on your local domain that doesn't has 21 open, and watch what netcat responds with.
I did scan from home, but in my sleep deprived state I didn't differentiate in my notes what scan was from what location. I *think* both locations gave the same results, but I'm not sure. The pentest is over, so I can't scan again now...
Closed, as it should. You either have a bad copy of nc, a dodgy firewall rule, some strange routing, or something is attempting to MiTM your FTP connections to snaffle passwords.
Still not underestimating the power...
There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.
Interesting......
I'm going to bed. I'll investigate and update this thread tomorrow.
Thanks for youguys help.
Posting Permissions