-
June 16th, 2002, 12:34 PM
#1
Member
Would this worry you?
I have been asked to scan a friends network to see what it looks like from the Inet. Fter doing so, the results showed that he had thousands of ports open running udp services.
Would this worry you if it was your gateway? If so why?
Thanks
-
June 16th, 2002, 12:36 PM
#2
what are the port numbers which are open? eg. 27374
-
June 16th, 2002, 12:40 PM
#3
Member
Just to mention a few. The list goes all the way up to 50k or so!!
1/udp open tcpmux
2/udp open compressnet
3/udp open compressnet
4/udp open unknown
5/udp open rje
6/udp open unknown
7/udp open echo
8/udp open unknown
9/udp open discard
10/udp open unknown
11/udp open systat
12/udp open unknown
13/udp open daytime
14/udp open unknown
15/udp open unknown
16/udp open unknown
17/udp open qotd
18/udp open msp
19/udp open chargen
20/udp open ftp-data
21/udp open ftp
22/udp open ssh
23/udp open telnet
24/udp open priv-mail
25/udp open smtp
26/udp open unknown
27/udp open nsw-fe
28/udp open unknown
29/udp open msg-icp
30/udp open unknown
31/udp open msg-auth
32/udp open unknown
33/udp open dsp
34/udp open unknown
35/udp open priv-print
36/udp open unknown
37/udp open time
38/udp open rap
39/udp open rlp
40/udp open unknown
41/udp open graphics
42/udp open nameserver
43/udp open shois
44/udp open mpm-flags
45/udp open mpm
46/udp open mpm-snd
47/udp open ni-ftp
48/udp open auditd
49/udp open tacacs
50/udp open re-mail-ck
51/udp open la-maint
52/udp open xns-time
53/udp open domain
54/udp open xns-ch
55/udp open isi-gl
56/udp open xns-auth
57/udp open priv-term
58/udp open xns-mail
59/udp open priv-file
60/udp open unknown
61/udp open ni-mail
62/udp open acas
63/udp open via-ftp
64/udp open covia
65/udp open tacacs-ds
66/udp open sql*net
67/udp open bootps
68/udp open bootpc
69/udp open tftp
70/udp open gopher
71/udp open netrjs-1
72/udp open netrjs-2
73/udp open netrjs-3
74/udp open netrjs-4
-
June 16th, 2002, 12:51 PM
#4
Wow, sure it does worry me if it was my network, I'm sure there is someting critical wrong with network setup, your friend should close the unused ports imediately.
if there is a web and mail server the only ports which should be open are 80 for web and 25/110 for mail and etc.
-
June 16th, 2002, 12:54 PM
#5
Member
I have tried to telnet to a few of the ports, but they do not respond, How else could I get more information on his gateway?
-
June 16th, 2002, 01:02 PM
#6
ok if they don't respond it might be your port scanner is buggy and the ports are not open, how do you scan the ports?
try " angry IP scanner" which has options which you are able to open the remote machine on explore, telnet, http, ...
I guess you can find it in antionline's archive.
-
June 16th, 2002, 01:17 PM
#7
Member
I run nmap oin a Linux box.
nmap -sU -PT -v xxx.xxx.xxx.xxx
I can connect to the mail server but none of the common commands work. I know that they use lotus notes, but all of the common UNIX like commands
are disabled like: mail from:, rcpt to: vrfy... A tad bizare.. Any thoughts?
-
June 16th, 2002, 01:36 PM
#8
It's probably something to do with the scanner setup. I don't think I've ever seen a box with *every* port open before...
-
June 16th, 2002, 01:52 PM
#9
Ok, the problem lies within nmap here. When nmap scans UDP ports, it sends empty packets to the port and listens for ICMP port unreachable messages from those ports. If it doesn't receive those ICMp packets, it considers the port open, when in fact, the host just didn't respond. There are some other scanners out there (sorry, can't remember which ones, but I'll look and see if I can find one) that send garbage udp packets to those ports. By sending a UDP packet with a non-zero payload, more UDP ports will respond correctly and give a more accurate representation of the UDP ports that are actually open.
-
June 16th, 2002, 03:23 PM
#10
Member
Ok, thanks for explaining it for me :-)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|