Results 1 to 10 of 10

Thread: nmap localhost

  1. #1
    Senior Member
    Join Date
    Jun 2003
    Posts
    101

    nmap localhost

    hello there all
    i just did an nmap on my gatway pc and found i have ftp (23) open

    but i do not have ftp installed

    well at least i do not think i have

    i have abyss web server, overseaer running and that is it

    can i use nmap to work out what ftp server is running?
    like life, this is a test

  2. #2
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    What OS?

    I'm going to assume Windows XP SP2:
    start->run->cmd.exe
    netstat -nab

    It will list all open ports and what programs have them open.

    If not, try downloading Fport from Foundstone, it will do the same thing.
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  3. #3
    Senior Member
    Join Date
    Jun 2003
    Posts
    101
    yes sorry win xp (sorry!!)

    i knew about netstat but not the keys will go upstaris and have ago

    very useful
    like life, this is a test

  4. #4
    Senior Member Opus00's Avatar
    Join Date
    May 2005
    Posts
    143
    Um, port 23 is telnet , not ftp
    There are two rules for success in life:
    Rule 1: Don't tell people everything you know.

  5. #5
    Senior Member kr5kernel's Avatar
    Join Date
    Mar 2004
    Posts
    347
    have you tried connecting to it?
    kr5kernel
    (kr5kernel at hotmail dot com)
    Linux: Making Penguins Cool Since 1994.

  6. #6
    Senior Member
    Join Date
    Jun 2003
    Posts
    101
    sorry it is port 21 and nmap says it is open
    and no can not connect to it

    this scares me some what

    i did put nessus server on there some time ago and can not remember if i set it to run as a service and i am sure that does not use port 21

    ps i tried to connect using opera/explorer and command line telnet

    any other ideas?

    ppss

    netstat -nab did not show up any port 21 programme running
    like life, this is a test

  7. #7
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    Did it show any port 21 at all?
    Try fport from foundstone: http://www.foundstone.com/resources/...file=fport.zip

    Probably wouldn't hurt to run hijaack this and post both results here (be sure to peruse through it to sanitize):
    http://www.spywareinfo.com/~merijn/p...php#hijackthis
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  8. #8
    Senior Member
    Join Date
    Jun 2003
    Posts
    101
    ok here is the fport results taken off the local machine
    FPort v2.0 - TCP/IP Process to Port Mapper
    Copyright 2000 by Foundstone, Inc.
    http://www.foundstone.com

    Pid Process Port Proto Path
    736 abyssws -> 80 TCP E:\Abyss Web Server\abyssws.exe
    1348 -> 135 TCP
    4 System -> 139 TCP
    640 Overseer -> 443 TCP C:\Program Files\Sequreware\Overseer\Overseer.exe
    4 System -> 445 TCP
    1544 LEXPPS -> 1025 TCP C:\WINDOWS\system32\LEXPPS.EXE
    2716 -> 1040 TCP
    2432 nessusd -> 1241 TCP C:\Program Files\Tenable\Nessus\nessusd.exe
    1460 mDNSResponder -> 5354 TCP C:\Program Files\Bonjour\mDNSResponder.exe
    736 abyssws -> 9999 TCP E:\Abyss Web Server\abyssws.exe
    196 avgemc -> 10110 TCP C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    3416 ashMaiSv -> 12025 TCP C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    3496 ashWebSv -> 12080 TCP C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    3416 ashMaiSv -> 12110 TCP C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    3416 ashMaiSv -> 12119 TCP C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    3416 ashMaiSv -> 12143 TCP C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    0 System -> 53 UDP
    0 System -> 123 UDP
    3416 ashMaiSv -> 123 UDP C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    3014656 -> 137 UDP
    0 System -> 137 UDP
    0 System -> 138 UDP
    736 abyssws -> 445 UDP E:\Abyss Web Server\abyssws.exe
    1348 -> 500 UDP
    640 Overseer -> 1026 UDP C:\Program Files\Sequreware\Overseer\Overseer.exe
    4 System -> 1035 UDP
    1544 LEXPPS -> 1041 UDP C:\WINDOWS\system32\LEXPPS.EXE
    0 System -> 1042 UDP
    736 abyssws -> 1055 UDP E:\Abyss Web Server\abyssws.exe
    4 System -> 1372 UDP
    0 System -> 1900 UDP
    2716 -> 2549 UDP
    2432 nessusd -> 2550 UDP C:\Program Files\Tenable\Nessus\nessusd.exe
    1460 mDNSResponder -> 2551 UDP C:\Program Files\Bonjour\mDNSResponder.exe
    196 avgemc -> 2552 UDP C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    3416 ashMaiSv -> 2553 UDP C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    3496 ashWebSv -> 2554 UDP C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    0 System -> 2725 UDP
    3416 ashMaiSv -> 3380 UDP C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    3416 ashMaiSv -> 4500 UDP C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    0 System -> 5353 UDP

    and here is the nmap results from a remote machine


    Starting nmap 3.93 ( http://www.insecure.org/nmap ) at 2006-11-16 19:58 GMT Standard Time
    Interesting ports on 192.168.2.3:
    (The 1662 ports scanned but not shown below are in state: filtered)
    PORT STATE SERVICE
    21/tcp open ftp
    80/tcp open http
    139/tcp open netbios-ssn
    443/tcp open https
    445/tcp open microsoft-ds
    9999/tcp open abyss
    MAC Address: ************* (Intel Corporate)

    Nmap finished: 1 IP address (1 host up) scanned in 21.992 seconds

    any thoughts?
    like life, this is a test

  9. #9
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    What did hijaack this report?
    When you ran netstat earlier, it should have also listed all open connections, with both source/destination IPs followed by a : with the last number being the port that was open. Did any of those show port 21?

    It's pretty odd that you have nmap reporting the port open and neither FPORT (a separate known-good binary) nor nestat see anything. I'm also assuming your AV is up to date and you've done a full scan recently?

    Would be curious to see the hijaack this results, if you don't want to post them, feel free to PM.
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  10. #10
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    Download and install Active Ports. Run it while you try connecting
    from another PC on the LAN. That should yield the .exe that's acting
    as the ftp server.

    You might also go over the services running on the offending PC.
    Close examination should give you some clues too.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •