Would this worry you?

Thread: Would this worry you?

  1. #1

    Would this worry you?

    I have been asked to scan a friend's network to see what it looks like from the Inet. After doing so, the results showed that he had thousands of ports open running UDP services.
    Would this worry you if it was your gateway? If so, why?

    Thanks

  2. #2
    What are the port numbers which are open? E.g. 27374

  3. #3
    Just to mention a few. The list goes all the way up to 50k or so!!

    1/udp open tcpmux
    2/udp open compressnet
    3/udp open compressnet
    4/udp open unknown
    5/udp open rje
    6/udp open unknown
    7/udp open echo
    8/udp open unknown
    9/udp open discard
    10/udp open unknown
    11/udp open systat
    12/udp open unknown
    13/udp open daytime
    14/udp open unknown
    15/udp open unknown
    16/udp open unknown
    17/udp open qotd
    18/udp open msp
    19/udp open chargen
    20/udp open ftp-data
    21/udp open ftp
    22/udp open ssh
    23/udp open telnet
    24/udp open priv-mail
    25/udp open smtp
    26/udp open unknown
    27/udp open nsw-fe
    28/udp open unknown
    29/udp open msg-icp
    30/udp open unknown
    31/udp open msg-auth
    32/udp open unknown
    33/udp open dsp
    34/udp open unknown
    35/udp open priv-print
    36/udp open unknown
    37/udp open time
    38/udp open rap
    39/udp open rlp
    40/udp open unknown
    41/udp open graphics
    42/udp open nameserver
    43/udp open shois
    44/udp open mpm-flags
    45/udp open mpm
    46/udp open mpm-snd
    47/udp open ni-ftp
    48/udp open auditd
    49/udp open tacacs
    50/udp open re-mail-ck
    51/udp open la-maint
    52/udp open xns-time
    53/udp open domain
    54/udp open xns-ch
    55/udp open isi-gl
    56/udp open xns-auth
    57/udp open priv-term
    58/udp open xns-mail
    59/udp open priv-file
    60/udp open unknown
    61/udp open ni-mail
    62/udp open acas
    63/udp open via-ftp
    64/udp open covia
    65/udp open tacacs-ds
    66/udp open sql*net
    67/udp open bootps
    68/udp open bootpc
    69/udp open tftp
    70/udp open gopher
    71/udp open netrjs-1
    72/udp open netrjs-2
    73/udp open netrjs-3
    74/udp open netrjs-4

  4. #4
    Wow, sure it would worry me if it was my network. I'm sure there is something critically wrong with the network setup; your friend should close the unused ports immediately.
    If there is a web and mail server, the only ports which should be open are 80 for web and 25/110 for mail, etc.

  5. #5
    I have tried to telnet to a few of the ports, but they do not respond. How else could I get more information on his gateway?

  6. #6
    OK, if they don't respond it might be that your port scanner is buggy and the ports are not open. How do you scan the ports?
    Try "Angry IP Scanner", which has options with which you are able to open the remote machine on explore, telnet, http, ...
    I guess you can find it in AntiOnline's archive.

  7. #7
    I run nmap on a Linux box.

    nmap -sU -PT -v xxx.xxx.xxx.xxx

    I can connect to the mail server but none of the common commands work. I know that they use Lotus Notes, but all of the common UNIX-like commands are disabled, like: mail from:, rcpt to:, vrfy... A tad bizarre. Any thoughts?

  8. #8
    It's probably something to do with the scanner setup. I don't think I've ever seen a box with *every* port open before...

  9. #9
    Ok, the problem lies within nmap here. When nmap scans UDP ports, it sends empty packets to the port and listens for ICMP port unreachable messages from those ports. If it doesn't receive those ICMP packets, it considers the port open, when in fact, the host just didn't respond. There are some other scanners out there (sorry, can't remember which ones, but I'll look and see if I can find one) that send garbage UDP packets to those ports. By sending a UDP packet with a non-zero payload, more UDP ports will respond correctly and give a more accurate representation of the UDP ports that are actually open.

  10. #10
    Ok, thanks for explaining it for me :-)
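
The behaviour described in post #9 can be reproduced on loopback. This is an added example, not code from the thread or from nmap; the listener, its `ping`/`pong` payloads and the `open|filtered` label for an unanswered probe are constructed for illustration.

```python
import socket
import threading

def probe(host, port, payload=b"", timeout=0.5):
    """Send one UDP datagram and classify the port from what comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))  # connected socket: ICMP errors surface as exceptions
        try:
            s.send(payload)
            s.recv(2048)
            return "open"            # a reply is the only positive proof
        except ConnectionRefusedError:
            return "closed"          # ICMP port unreachable came back
        except socket.timeout:
            return "open|filtered"   # silence proves nothing: quiet service or dropped packet

def start_listener(reply_to):
    """Constructed service: answers only datagrams whose body is in reply_to."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))       # ephemeral loopback port

    def serve():
        while True:
            try:
                data, peer = srv.recvfrom(2048)
            except OSError:
                return
            if data in reply_to:
                srv.sendto(b"pong", peer)

    threading.Thread(target=serve, daemon=True).start()
    return srv

def demo():
    picky = start_listener({b"ping"})        # ignores empty datagrams
    port = picky.getsockname()[1]
    tmp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()                              # nothing listens here any more
    return {
        "empty probe, quiet service": probe("127.0.0.1", port),
        "payload probe, same service": probe("127.0.0.1", port, b"ping"),
        "empty probe, closed port": probe("127.0.0.1", closed_port),
    }

if __name__ == "__main__":
    for case, state in demo().items():
        print(f"{case}: {state}")
```

A gateway that silently drops every UDP datagram produces the same timeout on all ports, which is how a scan can end up listing thousands of ports as open.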
