I have been asked to scan a friends network to see what it looks like from the Inet. Fter doing so, the results showed that he had thousands of ports open running udp services.
Would this worry you if it was your gateway? If so why?
Thanks
Printable View
I have been asked to scan a friends network to see what it looks like from the Inet. Fter doing so, the results showed that he had thousands of ports open running udp services.
Would this worry you if it was your gateway? If so why?
Thanks
what are the port numbers which are open? eg. 27374
Just to mention a few. The list goes all the way up to 50k or so!!
1/udp open tcpmux
2/udp open compressnet
3/udp open compressnet
4/udp open unknown
5/udp open rje
6/udp open unknown
7/udp open echo
8/udp open unknown
9/udp open discard
10/udp open unknown
11/udp open systat
12/udp open unknown
13/udp open daytime
14/udp open unknown
15/udp open unknown
16/udp open unknown
17/udp open qotd
18/udp open msp
19/udp open chargen
20/udp open ftp-data
21/udp open ftp
22/udp open ssh
23/udp open telnet
24/udp open priv-mail
25/udp open smtp
26/udp open unknown
27/udp open nsw-fe
28/udp open unknown
29/udp open msg-icp
30/udp open unknown
31/udp open msg-auth
32/udp open unknown
33/udp open dsp
34/udp open unknown
35/udp open priv-print
36/udp open unknown
37/udp open time
38/udp open rap
39/udp open rlp
40/udp open unknown
41/udp open graphics
42/udp open nameserver
43/udp open shois
44/udp open mpm-flags
45/udp open mpm
46/udp open mpm-snd
47/udp open ni-ftp
48/udp open auditd
49/udp open tacacs
50/udp open re-mail-ck
51/udp open la-maint
52/udp open xns-time
53/udp open domain
54/udp open xns-ch
55/udp open isi-gl
56/udp open xns-auth
57/udp open priv-term
58/udp open xns-mail
59/udp open priv-file
60/udp open unknown
61/udp open ni-mail
62/udp open acas
63/udp open via-ftp
64/udp open covia
65/udp open tacacs-ds
66/udp open sql*net
67/udp open bootps
68/udp open bootpc
69/udp open tftp
70/udp open gopher
71/udp open netrjs-1
72/udp open netrjs-2
73/udp open netrjs-3
74/udp open netrjs-4
Wow, sure it does worry me if it was my network, I'm sure there is someting critical wrong with network setup, your friend should close the unused ports imediately.
if there is a web and mail server the only ports which should be open are 80 for web and 25/110 for mail and etc.
I have tried to telnet to a few of the ports, but they do not respond, How else could I get more information on his gateway?
ok if they don't respond it might be your port scanner is buggy and the ports are not open, how do you scan the ports?
try " angry IP scanner" which has options which you are able to open the remote machine on explore, telnet, http, ...
I guess you can find it in antionline's archive.
I run nmap oin a Linux box.
nmap -sU -PT -v xxx.xxx.xxx.xxx
I can connect to the mail server but none of the common commands work. I know that they use lotus notes, but all of the common UNIX like commands
are disabled like: mail from:, rcpt to: vrfy... A tad bizare.. Any thoughts?
It's probably something to do with the scanner setup. I don't think I've ever seen a box with *every* port open before...
Ok, the problem lies within nmap here. When nmap scans UDP ports, it sends empty packets to the port and listens for ICMP port unreachable messages from those ports. If it doesn't receive those ICMp packets, it considers the port open, when in fact, the host just didn't respond. There are some other scanners out there (sorry, can't remember which ones, but I'll look and see if I can find one) that send garbage udp packets to those ports. By sending a UDP packet with a non-zero payload, more UDP ports will respond correctly and give a more accurate representation of the UDP ports that are actually open.
Ok, thanks for explaining it for me :-)