Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Nmap issue

Hybrid View

  1. #1
    Senior Member skull2006's Avatar
    Join Date
    Jan 2010
    Location
    In my skull
    Posts
    125

    Question Nmap issue

    hi all,

    i don't know why when i try make scan to my VBOX (Win XP) i have this line below when i use NMAP:

    Discovered open port 21/tcp on 10.10.10.111


    and If i use Nessus it's show me the port 21 is open but no more details.

    by the way i have it even if i reinstall new VBOX (Win XP).

    may some one have idea about it.

    Best Regards,

  2. #2
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Re: Nmap issue

    Please give us some more detail, like the nmap command you use, the output it gives, some Nessus policy, what about the Windows XP machine ? Did you try another OS on virtualbox ?
    Back|track giving machine guns to monkeys since 2007 !

    Do not read the Wiki, most your questions will not be answered there !
    Do not take a look at the: Forum Rules !

  3. #3
    Senior Member skull2006's Avatar
    Join Date
    Jan 2010
    Location
    In my skull
    Posts
    125

    Default Re: Nmap issue

    Quote Originally Posted by sickness View Post
    Please give us some more detail, like the nmap command you use, the output it gives, some Nessus policy, what about the Windows XP machine ? Did you try another OS on virtualbox ?
    sickness, I use the normal command : nmap -v 10.10.10.10 and it give me there is port 21 is open see below :

    PORT STATE SERVICE
    21/tcp open ftp
    135/tcp filtered msrpc
    139/tcp open netbios-ssn
    445/tcp filtered microsoft-ds

    and i'm sure i didn't open port 21 in my VBOX and about Nessus it show me SVC Name = ftp? and Total port = 0.

    yes @sickness i try another PC even in the real world it show me that.

    so did you have any idea about that.

    Best Regards,

  4. #4
    Junior Member skidmarq's Avatar
    Join Date
    Jan 2010
    Posts
    88

    Default Re: Nmap issue

    Why not log into the Windows box and perform a "netstat -bnv | find "21"" command.

    This should tell you the process attached to that daemon.

    You can also add a "--reason" argument to your Nmap scan to see why it reports it as open (typically SYN-ACK).
    I got 99 problems but the bits ain't one...

  5. #5
    Senior Member skull2006's Avatar
    Join Date
    Jan 2010
    Location
    In my skull
    Posts
    125

    Default Re: Nmap issue

    Quote Originally Posted by skidmarq View Post
    Why not log into the Windows box and perform a "netstat -bnv | find "21"" command.

    This should tell you the process attached to that daemon.

    You can also add a "--reason" argument to your Nmap scan to see why it reports it as open (typically SYN-ACK).
    i try but i don't find anything. check this :

    root@skull:~# nmap -v 192.168.0.1 --reason

    Starting Nmap 5.21 ( Nmap - Free Security Scanner For Network Exploration & Security Audits. ) at 2010-07-03 02:21 CEST
    Initiating ARP Ping Scan at 02:21
    Scanning 192.168.0.1 [1 port]
    Completed ARP Ping Scan at 02:21, 0.03s elapsed (1 total hosts)
    Initiating Parallel DNS resolution of 1 host. at 02:21
    Completed Parallel DNS resolution of 1 host. at 02:21, 0.12s elapsed
    Initiating SYN Stealth Scan at 02:21
    Scanning 192.168.0.1 [1000 ports]
    Discovered open port 80/tcp on 192.168.0.1
    Discovered open port 21/tcp on 192.168.0.1
    Discovered open port 443/tcp on 192.168.0.1
    Discovered open port 5101/tcp on 192.168.0.1
    Completed SYN Stealth Scan at 02:21, 4.05s elapsed (1000 total ports)
    Nmap scan report for 192.168.0.1
    Host is up, received arp-response (0.0023s latency).
    Not shown: 996 filtered ports
    Reason: 996 no-responses
    PORT STATE SERVICE REASON
    21/tcp open ftp syn-ack
    80/tcp open http syn-ack
    443/tcp open https syn-ack
    5101/tcp open admdog syn-ack
    MAC Address: 00:17:C4:20:EB:15 (Quanta Microsystems)

    Read data files from: /usr/share/nmap
    Nmap done: 1 IP address (1 host up) scanned in 4.39 seconds
    Raw packets sent: 1999 (87.954KB) | Rcvd: 7 (306B)
    root@skull:~# ftp 192.168.0.1
    Connected to 192.168.0.1.
    421 Service not available, remote server has closed connection
    ftp>

  6. #6
    Junior Member skidmarq's Avatar
    Join Date
    Jan 2010
    Posts
    88

    Default Re: Nmap issue

    What about the Windows side command I asked you to try?
    I got 99 problems but the bits ain't one...

  7. #7
    Very good friend of the forum Gitsnik's Avatar
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851

    Default Re: Nmap issue

    Also, just as a curiosity, why do the host IP's keep changing?
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  8. #8
    Senior Member skull2006's Avatar
    Join Date
    Jan 2010
    Location
    In my skull
    Posts
    125

    Default Re: Nmap issue

    Quote Originally Posted by Gitsnik View Post
    Also, just as a curiosity, why do the host IP's keep changing?
    i just change the ip in the scan command even if the ip is off check this :

    nmap -v 192.168.1.111 -Pn

    Starting Nmap 5.35DC1 ( Nmap - Free Security Scanner For Network Exploration & Security Audits. ) at 2010-08-27 21:55 EET
    Initiating Parallel DNS resolution of 1 host. at 21:55
    Completed Parallel DNS resolution of 1 host. at 21:55, 0.18s elapsed
    Initiating SYN Stealth Scan at 21:55
    Scanning 192.168.1.111 [1000 ports]
    Discovered open port 21/tcp on 192.168.1.111
    Completed SYN Stealth Scan at 21:55, 4.24s elapsed (1000 total ports)
    Nmap scan report for 192.168.1.111
    Host is up (0.0021s latency).
    Not shown: 999 filtered ports
    PORT STATE SERVICE
    21/tcp open ftp

    Read data files from: /usr/share/nmap
    Nmap done: 1 IP address (1 host up) scanned in 4.57 seconds
    Raw packets sent: 2002 (88.088KB) | Rcvd: 4 (176B)


    I don't have that ip in my network or in 5 kilometer around of me.
    Last edited by skull2006; 08-27-2010 at 08:00 PM.

  9. #9
    Senior Member skull2006's Avatar
    Join Date
    Jan 2010
    Location
    In my skull
    Posts
    125

    Default Re: Nmap issue

    Quote Originally Posted by skidmarq View Post
    What about the Windows side command I asked you to try?
    I really made the netstat -aon |finn *** but nothing about FTP or Port 21.

    And i try it to my work real IP:

    root@skull:~# nmap -v -O 6*.**.**.*** -p21 -A ant the result is this::

    Host is up (0.039s latency).
    PORT STATE SERVICE VERSION
    21/tcp open ftp?
    Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port

    even nessus show me the ? in every IP i make scan on it so why the FTP keep noise me.

    Regards,

  10. #10
    Senior Member skull2006's Avatar
    Join Date
    Jan 2010
    Location
    In my skull
    Posts
    125

    Default Re: Nmap issue

    this is maybe will clear the air:
    this is to public ip.........

    root@Skull:~# ftp 1.1.1.1
    Connected to 1.1.1.1.
    220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    220-You are user number 1 of 50 allowed.
    220-Local time is now 21:19. Server port: 21.
    220-IPv6 connections are also welcome on this server.
    220 You will be disconnected after 15 minutes of inactivity.
    Name (1.1.1.1:root): anonymous
    331 Any password will work
    Password:
    230 Any password will work
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> ls
    500 I won't open a connection to 10.10.10.10 (only to myrealip)
    ftp: bind: Address already in use
    ftp>
    so any one can explain to me and he must read all the posts.

Page 1 of 2 12 LastLast

Similar Threads

  1. Tor with nmap/nc
    By kakayoma in forum OLD General IT Discussion
    Replies: 1
    Last Post: 01-16-2010, 02:58 AM
  2. Plz help with nmap
    By yucatans in forum OLD Newbie Area
    Replies: 4
    Last Post: 12-09-2008, 01:05 AM
  3. Airodump-ng Issue + Aireplay-ng Issue
    By whiteice in forum OLD Newbie Area
    Replies: 1
    Last Post: 11-05-2008, 05:47 AM
  4. Using Nmap
    By ranees in forum OLD BT3final Support
    Replies: 17
    Last Post: 08-07-2008, 01:36 PM
  5. What next? (Nmap)
    By n00b_h4xx0r in forum OLD BackTrack v2.0 Final
    Replies: 3
    Last Post: 11-13-2007, 01:58 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •