when i scan a range of ports i always get dead computers to show up, and if i get any live ones it is either port 80 or maybe 25. When i scan like my computer i have somewhere around 6 ports open. Am i doing something wrong?
Printable View
when i scan a range of ports i always get dead computers to show up, and if i get any live ones it is either port 80 or maybe 25. When i scan like my computer i have somewhere around 6 ports open. Am i doing something wrong?
First off it's a good idea to tell us what tools you're using under what OS.
No, you're not doing anything wrong necessarily. If your pot scanner is enabled to show dead hosts, then it does so. Also, 25 and 80 are service ports [SMTP and HTTP] therefore it is normal for servers [usually] to have these ports open.
I think I shouldn't have to stress that port scanning is frowned upon, especially if you're scanning full ports on some hosts. On firewalled machines after the first couple of ports scanned the firewall might adapt and drop all requests from your IP, therefore nothing would show up [a 'dead' host]. So if this scanning is done without a legal purpose you better stop it before your ISP gets notified.
P.S. Did you scan your own computer through 127.0.0.1 or through the Internet IP? The results might be different depending which of the two scans you did.
hai,
iam esh theres nothing wrong in it.u said that u had 25 and 80 ports are open
those are srevice port [Smtp,Http].u do one thing check with th reverse loop back
adress 127.0.0.1.further mail me about ur'[email protected].
Can someone translate ^^^^ that into english? I know he isn't from America, so I am not bitching, but what the hell did that say?
As far as scanning goes, there really isn't any such thing as Illegal scanning Hypronnix. It is frowned upon, but it isn't illegal in anyway. You can scan a .gov address and not get in trouble, my get a phone call but there is nothing illegal about it.
As for scanning and getting only 25 and 80 open that is very common. Most servers and even home PC's have those open. Definately 80. Which is HTTP.
I need to know what tool your using to better help you. If you don't really know much about your tool, and have the source post it, and I will take a look at your source and let you know a little about it.
Later
whizkid2300,
This is not completly true, for instance the Belgian ICT law also makes the possesion of information about other systems with the intend to gain access to them, and attempts to gain access illegal. If the 'target' is realy pissed they could try to stretch your port scan to an attempt to gain info to hack their system and in that way an attempt to gain access without authorization.Quote:
As far as scanning goes, there really isn't any such thing as Illegal scanning Hypronnix
Is a port scan always legal? I'm not so sure.
Crazy, I was just talking about this with a colleauge yesterday.
http://www.securityfocus.com/news/126
Port scanning is not an evil thing, its absolutley imperative you check it out when pen testing a system. You gotta test security with what is readily available to other people. As a first line of defense you want to know what ports are open, everyone else will be able to. ;-)
hopefully not though.
Kr5Kernel
That is, if you're scanning your own system, or network....not scanning a broad range of IPs or a whole network that doesn't belong to you ;).Quote:
Port scanning is not an evil thing, its absolutley imperative you check it out when pen testing a system. You gotta test security with what is readily available to other people. As a first line of defense you want to know what ports are open, everyone else will be able to. ;-)
Oh totally, you have to be ethical. But I am saying, you have to use as many of the tools / exploits out there on your own system, as they are available to everyone. There is a big difference between testing your new firewall, and blasting through the internet spray port scans everwhere. :-)
#1. hypronix :) no capital h, no double letters. thanks :)Quote:
Originally posted here by whizkid2300
As far as scanning goes, there really isn't any such thing as Illegal scanning Hypronnix. It is frowned upon, but it isn't illegal in anyway. You can scan a .gov address and not get in trouble, my get a phone call but there is nothing illegal about it.
#2. Well I did not say illegal, but as VictorKaum pointed out some legislations might try to show that a port scan is a certain warning for a future intrusion attempt. And with tightening computer laws you never know what they might end up charging you with... for a mere port scan.
So don't go scanning ranges of IP you have no specific permission. Your ISP might not like getting contacted too many times and they might drop you one day.
First off you are on the internet when you scan right...
and second what port scanner are you useing it may not work it may be a broken PS...
I have had a few like black code and L32z
Best bet is to use NMap for secureing you comp i hope that is what you are doing...
I wish that Port Scans are really illegal.....
My servers get scanned every now and then
when they break through my ISP's IDS system
Most law enforcement in my area is totally clueless
and every time they go after a Internet Bad Guy
it gets thrown out for one reason or another....
Usually they go after a Kiddie Porn Problem
and usually do pretty good on that.
But I will say they did nail that Buffalo Spammer
which is not that far from me.....
Maby you can disable the port scanner for no dead ports and what port scanner are you using because some just do not work at all and who are you scaning? Yourself?
That could be a bit of a "worrier". I scan computers quite regularly. Why? Because I want to know their "stance" as a result of suspicious activity from them in the first place. It is almost always an unsolicited contact on their behalf though I have had occasions where one of my workstations contacted them sometime recently and the activity followed either right away or soon after. I do it for a good reason. If the box shows me a bunch of open ports it's probably compromised. If I can then make some kind of connection, (anon ftp, wierd http etc.), then it goes straight on my blocked list.Quote:
but as VictorKaum pointed out some legislations might try to show that a port scan is a certain warning for a future intrusion attempt.
On the bright side I can show all the contacts between me and it, I can show they pre-empted the conversation, that I scanned, was suspicious, connected and left.
Aren't log files just the "Bee's Knees"? :D
In the case of a sysadmin I guess it's not as likely for the authorities to be too picky, especially if you have logs on your side. As a security professional it would be your job to ensure the safety of your network. But before you alert the powers that be about possible illegal activities you need to make sure that's the case[so you don't call the FBI or ISPs everyday].
But a random computer scanning successive ranges does trigger some suspicion.
I have superscan 3.0, do you think that's a good port scanner? I know there is now a superscan 4.0 but I'm to lazy to upgrade lol :p .
nothing is wrong body maby your port scanner is broken
Please correct me if I'm wrong...Quote:
Originally posted here by Tiger Shark
On the bright side I can show all the contacts between me and it, I can show they pre-empted the conversation, that I scanned, was suspicious, connected and left.
Aren't log files just the "Bee's Knees"? :D
Wouldn't it be very easy to fabricate some log files? In which, case you would need the log files from the other end of the "Conversation," to coroborate (sp?) your story to the investigating authorities! If the machine you connected to really is compromised the owner will, most likely, not have a clue about log files - so you're safe. If, however, the machine is not compromised what are the chances of the complaining owner deleting or doctoring his log files?
Hmmmm.....
well i agree with simon it is very very easy to fabricate, once they authorites cathch you it'll be hard to prove thatyou are innocent.
complications,complications .
my advice to you be care ful using that tool
You can fabricate log files, but you cannot fabricate the log files on your ISP [unless you decide you're able to hack into their network and change stuff around]. Usually your log files will indicate a certain activity, and the ISP can confirm or infirm [to the authorities] that what you're saying is true, based on their logs.Quote:
Originally posted here by Simple Simon
Please correct me if I'm wrong...
Wouldn't it be very easy to fabricate some log files? In which, case you would need the log files from the other end of the "Conversation," to coroborate (sp?) your story to the investigating authorities! If the machine you connected to really is compromised the owner will, most likely, not have a clue about log files - so you're safe. If, however, the machine is not compromised what are the chances of the complaining owner deleting or doctoring his log files?
Hmmmm.....
I'm not sure of what you mean by safe... do you mean as an attacker you're safe? Because that wouldn't be the case, I mean it's enough for them to complain to respective authorities and his ISP would dig up some logs and so on so forth.
I get port scanned every couple of days. I automatically whosit the addy and send an email to the abuse address that is in that solution.
The benifit of this, is very seldom have I ever been scanned more than once from the same block of addresses. The one time when, I did get scanned multiple times from the same IP block, I got a note from their abuse people saying that the offender was removed from their service.
Umm maybe you have a bad port scanner?
Of course, the ISP logs! I knew I'd missed something, but couldn't figure it out. Probably too early on a Sunday morning for me! lolQuote:
Originally posted here by hypronix
You can fabricate log files, but you cannot fabricate the log files on your ISP [unless you decide you're able to hack into their network and change stuff around]. Usually your log files will indicate a certain activity, and the ISP can confirm or infirm [to the authorities] that what you're saying is true, based on their logs.
I'm not sure of what you mean by safe... do you mean as an attacker you're safe? Because that wouldn't be the case, I mean it's enough for them to complain to respective authorities and his ISP would dig up some logs and so on so forth.
By safe I meant relatively safe'ish if the user doesn't know about his logs. I mean if the box being scanned is vulnerable it's unlikely, unless it's a honeypot, that the owner knows about the logs.
Hmmm ... the more I type the more I consider there are too many variable unknowns in this melting pot. My advice would be to avoid port scanning as far as possible.
IMHO there's a big difference (at least emotional) between scanning a box that has tried to make contact in a manner you suspect it has been compromised and the owner does not know or on the other side, scan whole IP ranges to find boxes that have left those ports open that you want to use for your little evil exploit... anyway if port scanning is illegal, both are against the law. Probably after some complains your ISP will shutdown your connection cause of violation of the acceptable use policy and that would be all.