-
November 14th, 2006, 08:35 PM
#1
Senior Member
nmap localhost
hello there all
i just did an nmap on my gatway pc and found i have ftp (23) open
but i do not have ftp installed
well at least i do not think i have
i have abyss web server, overseaer running and that is it
can i use nmap to work out what ftp server is running?
like life, this is a test
-
November 14th, 2006, 08:46 PM
#2
What OS?
I'm going to assume Windows XP SP2:
start->run->cmd.exe
netstat -nab
It will list all open ports and what programs have them open.
If not, try downloading Fport from Foundstone, it will do the same thing.
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)
-
November 14th, 2006, 08:54 PM
#3
Senior Member
yes sorry win xp (sorry!!)
i knew about netstat but not the keys will go upstaris and have ago
very useful
like life, this is a test
-
November 14th, 2006, 09:07 PM
#4
Um, port 23 is telnet , not ftp
There are two rules for success in life:
Rule 1: Don't tell people everything you know.
-
November 15th, 2006, 03:01 AM
#5
have you tried connecting to it?
kr5kernel
(kr5kernel at hotmail dot com)
Linux: Making Penguins Cool Since 1994.
-
November 16th, 2006, 07:17 PM
#6
Senior Member
sorry it is port 21 and nmap says it is open
and no can not connect to it
this scares me some what
i did put nessus server on there some time ago and can not remember if i set it to run as a service and i am sure that does not use port 21
ps i tried to connect using opera/explorer and command line telnet
any other ideas?
ppss
netstat -nab did not show up any port 21 programme running
like life, this is a test
-
November 16th, 2006, 07:26 PM
#7
Did it show any port 21 at all?
Try fport from foundstone: http://www.foundstone.com/resources/...file=fport.zip
Probably wouldn't hurt to run hijaack this and post both results here (be sure to peruse through it to sanitize):
http://www.spywareinfo.com/~merijn/p...php#hijackthis
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)
-
November 16th, 2006, 08:06 PM
#8
Senior Member
ok here is the fport results taken off the local machine
FPort v2.0 - TCP/IP Process to Port Mapper
Copyright 2000 by Foundstone, Inc.
http://www.foundstone.com
Pid Process Port Proto Path
736 abyssws -> 80 TCP E:\Abyss Web Server\abyssws.exe
1348 -> 135 TCP
4 System -> 139 TCP
640 Overseer -> 443 TCP C:\Program Files\Sequreware\Overseer\Overseer.exe
4 System -> 445 TCP
1544 LEXPPS -> 1025 TCP C:\WINDOWS\system32\LEXPPS.EXE
2716 -> 1040 TCP
2432 nessusd -> 1241 TCP C:\Program Files\Tenable\Nessus\nessusd.exe
1460 mDNSResponder -> 5354 TCP C:\Program Files\Bonjour\mDNSResponder.exe
736 abyssws -> 9999 TCP E:\Abyss Web Server\abyssws.exe
196 avgemc -> 10110 TCP C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
3416 ashMaiSv -> 12025 TCP C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
3496 ashWebSv -> 12080 TCP C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
3416 ashMaiSv -> 12110 TCP C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
3416 ashMaiSv -> 12119 TCP C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
3416 ashMaiSv -> 12143 TCP C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
0 System -> 53 UDP
0 System -> 123 UDP
3416 ashMaiSv -> 123 UDP C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
3014656 -> 137 UDP
0 System -> 137 UDP
0 System -> 138 UDP
736 abyssws -> 445 UDP E:\Abyss Web Server\abyssws.exe
1348 -> 500 UDP
640 Overseer -> 1026 UDP C:\Program Files\Sequreware\Overseer\Overseer.exe
4 System -> 1035 UDP
1544 LEXPPS -> 1041 UDP C:\WINDOWS\system32\LEXPPS.EXE
0 System -> 1042 UDP
736 abyssws -> 1055 UDP E:\Abyss Web Server\abyssws.exe
4 System -> 1372 UDP
0 System -> 1900 UDP
2716 -> 2549 UDP
2432 nessusd -> 2550 UDP C:\Program Files\Tenable\Nessus\nessusd.exe
1460 mDNSResponder -> 2551 UDP C:\Program Files\Bonjour\mDNSResponder.exe
196 avgemc -> 2552 UDP C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
3416 ashMaiSv -> 2553 UDP C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
3496 ashWebSv -> 2554 UDP C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
0 System -> 2725 UDP
3416 ashMaiSv -> 3380 UDP C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
3416 ashMaiSv -> 4500 UDP C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
0 System -> 5353 UDP
and here is the nmap results from a remote machine
Starting nmap 3.93 ( http://www.insecure.org/nmap ) at 2006-11-16 19:58 GMT Standard Time
Interesting ports on 192.168.2.3:
(The 1662 ports scanned but not shown below are in state: filtered)
PORT STATE SERVICE
21/tcp open ftp
80/tcp open http
139/tcp open netbios-ssn
443/tcp open https
445/tcp open microsoft-ds
9999/tcp open abyss
MAC Address: ************* (Intel Corporate)
Nmap finished: 1 IP address (1 host up) scanned in 21.992 seconds
any thoughts?
like life, this is a test
-
November 16th, 2006, 08:58 PM
#9
What did hijaack this report?
When you ran netstat earlier, it should have also listed all open connections, with both source/destination IPs followed by a : with the last number being the port that was open. Did any of those show port 21?
It's pretty odd that you have nmap reporting the port open and neither FPORT (a separate known-good binary) nor nestat see anything. I'm also assuming your AV is up to date and you've done a full scan recently?
Would be curious to see the hijaack this results, if you don't want to post them, feel free to PM.
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)
-
November 17th, 2006, 03:49 AM
#10
Download and install Active Ports. Run it while you try connecting
from another PC on the LAN. That should yield the .exe that's acting
as the ftp server.
You might also go over the services running on the offending PC.
Close examination should give you some clues too.
“Everybody is ignorant, only on different subjects.” — Will Rogers
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|