NetScanTools 5

[rmcgoo]

Could someone who uses netscantools link me or help me out-
I posted a while ago how my computer kept getting port scanned, so i decided to learn what portscanning was, and i got netscantools to do it. Im scanning my roomates PC, win xp home with no firewall. After I do it, it shows me a bunch of ports with the green circle, but i cant connect to them. Does the green circle have to have the D in it? It says service found but no data recieved. Or am I sounding like a dork? Or do I need a swift kick in the head? Lets hear it..

[skiddieleet]

Sometimes ports are opened without services attached to them. Could you post what ports were open and maybe I or someone else can explain. Also I just downloaded GFI LANguard network security scanner, and I have to say it rocks. I have scanned all the computers on my network, and found some interesting things. It has a 30 day evaluation period and I think it is still free after that it just has fewer features. They have a pro version which you pay for.

edit
I also scanned the ip of my router, and found something I never knew. You all know that a lot of routers have web configuration interfaces. Well when I scanned the router it told me that there was a web server and also a unix operating system. Either it was detecting a computer inside my network(not likely because the only unix like comp I have is RH9 and it detected that on a different scan) or my router is running unix. Kindof neat. Does anyone know more about this, do routers actually run their own mini OS?

[S3cur|ty4ng31]

Do you have any port forwarding setup on your router?
The scanner would follow this same path if you did. You would think languard would be a little better than that, I can ping a router and if it is resonsive to pings I can usually tell what it is from OS fingerprinting.

[rmcgoo]

00025 - TCP - smtp
00080 - TCP - http
00081 - TCP - unknown
00082 - TCP - unknown
00083 - TCP - unknown
00110 - TCP - pop3
00119 - TCP - nntp
00139 - TCP - netbios-ssn

These ports were open but didnt respond with information- how would you connect to them?

[skiddieleet]

cool
for 25 type this at the command prompt: telnet xxx.xxx.xxx.xxx 25
where the x's are the ip address. then type helo localhost
mail from:<foo@bar.com>
rcpt to:<user@email.address.com>
data
message here
.
quit

for port 80 just open your browser and type in http://xxx.xxx.xxx.xxx where the x's are the ip, if he actually has a web page it will show up.

for 110 there isn't much you can do without an account.

for 139 go to start>run and type
\\xxx.xxx.xxx.xxx
where the x's are the ip and you should see all the shares if the person actually has netbios enabled and is sharing something and is not password protecting it.

as for the rest, don't have a clue. If any of these don't work, it is because the port is open but there is no service running or it is a service using a port for a different service.

[Wazz]

Assuming you have permission from your roomate........Have you tried to connect with Telnet or use a "Net" (or any) command from a Command Prompt? there are alot of advanced techniques that you can use once you get the basic "enumeration info" from NetScanTools. Be a bit more specific on what you have tried and maybe we can figure it out.

[n01100110]

I also scanned the ip of my router, and found something I never knew. You all know that a lot of routers have web configuration interfaces. Well when I scanned the router it told me that there was a web server and also a unix operating system. Either it was detecting a computer inside my network(not likely because the only unix like comp I have is RH9 and it detected that on a different scan) or my router is running unix. Kindof neat. Does anyone know more about this, do routers actually run their own mini OS?

Well there is cisco IOS, which is Inter-networking Operating Software which is a little OS that the router uses for configurations etc, Im still taking cisco so i don't have it mastered..
But as for GFI, that program has been known for false positives..It caused me alot of head aches when I was scanning my systems, but they were just misinterpreted services, that sort of thing..

[rmcgoo]

HAHAHA i did the thing on port 139, he was workin on his computer and i started print off pictures of leprehcans! Awesome- is there a name for what i just did, or was it just childs play?

[skiddieleet]

All you did was access what he was sharing. In this case I guess he was sharing a printer. Just don't do that to anyone you don't know because I think it is illegal given that you are gaining unauthorized access to a remote machine. On the other hand if they have sharing on, they are almost giving you authorization by sharing it with no password. It is your call. I would like to print out a message that says you are insecure, or put up a firewall to all the people with that port open and no password on their shares. Check out my post What am I doing wrong?
for tips on securing and password protecting your friends shares.

[rmcgoo]

Excellent. Thanks a lot for your help- AO rocks