Port scanning Solaris - nmap "filtered" ports and Nessus output

#1 08-18-2004, Casper H.S. Dik
Re: Port scanning Solaris - nmap "filtered" ports and Nessus output

Subba Rao <castellan2004-mail@SPAMBUSTER.yahoo.com> writes:

>The partial list of nmap is listed at the bottom of the post. I see a lot
>of filtered ports. Why is nmap reporting them as "filtered"? One of
>the SysAdmins (on vacation now) said something about rpc services. He
>said something like "The rpc packages allow port scanners and VA tools
>like Nessus take longer time to do such activity." If someone
>understands this, could you please explain.


Filtered means: the scanner sent a packet but no reply came;
this can mean several things:

- you sent a TCP packet and it was indeed filtered *or* the
SYN queue was full (unlikely)

>When I run Nessus on the same server, I get the following output:
>List of open ports :


> o ssh (22/tcp) (Security hole found)


Some SSH implementations have security problems; Nessus can't tell
whether your implementation has any.

> o sunrpc (111/tcp) (Security notes found)
> o msrpc (135/tcp) (Security warnings found)
> o snet-sensor-mgmt (10000/tcp) (Security hole found)


Dunno; what do you run on port 10000? Some scanners will use only the
port number to infer what the service is.

Casper
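
Added example, not part of Casper's post: a loopback-only Python sketch of the two points in the reply above, that a port state is read off from how (or whether) the target answers, and that the service name can be a pure port-table lookup. The names `classify`, `probe`, `demo` and `PORT_NAMES` are hypothetical; the table entries are the names shown in the thread's scan output.

```python
import errno
import socket

# Port-to-name table; the names are the ones shown in the thread's scan output.
PORT_NAMES = {22: "ssh", 111: "sunrpc", 10000: "snet-sensor-mgmt"}

def classify(exc):
    """Map the outcome of a TCP connect() to a scanner-style port state."""
    if exc is None:
        return "open"        # three-way handshake completed
    if isinstance(exc, ConnectionRefusedError):
        return "closed"      # target answered with RST: nothing is listening
    if isinstance(exc, socket.timeout):
        return "filtered"    # no reply at all before the timeout expired
    if isinstance(exc, OSError) and exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "filtered"    # ICMP unreachable, typically sent by a packet filter
    raise exc

def probe(host, port, timeout=1.0):
    """Connect-probe one port and return (state, name_from_table).
    The name is a table lookup only; nothing is read from the service."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        outcome = None
    except OSError as exc:
        outcome = exc
    finally:
        sock.close()
    return classify(outcome), PORT_NAMES.get(port, "unknown")

def demo():
    """Probe one listening and one non-listening port on loopback only."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    idle = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    idle.bind(("127.0.0.1", 0))   # bound but not listening: kernel replies RST
    try:
        return tuple(probe("127.0.0.1", s.getsockname()[1])[0] for s in (listener, idle))
    finally:
        listener.close()
        idle.close()

if __name__ == "__main__":
    print(demo())
```

The "filtered" branch cannot be triggered on loopback without a packet filter in place, so the demo only exercises "open" and "closed".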
#2 08-18-2004, Subba Rao
Port scanning Solaris - nmap "filtered" ports and Nessus output

I am port scanning a Solaris system with nmap and then running Nessus to
see if there are exploits for the services.

The partial list of nmap is listed at the bottom of the post. I see a lot
of filtered ports. Why is nmap reporting them as "filtered"? One of
the SysAdmins (on vacation now) said something about rpc services. He
said something like "The rpc packages allow port scanners and VA tools
like Nessus take longer time to do such activity." If someone
understands this, could you please explain.

When I run Nessus on the same server, I get the following output:
List of open ports :

o ssh (22/tcp) (Security hole found)
o sunrpc (111/tcp) (Security notes found)
o msrpc (135/tcp) (Security warnings found)
o snet-sensor-mgmt (10000/tcp) (Security hole found)

What is "snet-sensor-mgmt" service? There are about 15+ holes listed
under this service alone. What does this service do?

One other observation is that the "snet-sensor-mgmt" port was found on
the Nessus scan but NOT on the nmap scan. Why is that?

Thank you in advance for any help.

--
SR
castellan2004-mail@SPAMBUSTER.yahoo.com
Please remove SPAMBUSTER to reply via email.


6548/tcp filtered PowerChutePLUS
6667/tcp filtered irc
6668/tcp filtered irc
6969/tcp filtered acmsoda
7001/tcp filtered afs3-callback
7005/tcp filtered afs3-volser
7008/tcp filtered afs3-update
7010/tcp filtered ups-onlinet
7070/tcp filtered realserver
7201/tcp filtered dlip
7464/tcp filtered pythonds
8000/tcp open http-alt
8007/tcp filtered ajp12
8082/tcp filtered blackice-alerts
9111/tcp filtered DragonIDSConsole
9999/tcp filtered abyss
10005/tcp filtered stel
12346/tcp filtered NetBus
13710/tcp filtered VeritasNetbackup
13711/tcp filtered VeritasNetbackup
13712/tcp filtered VeritasNetbackup
13713/tcp filtered VeritasNetbackup
13714/tcp filtered VeritasNetbackup
13715/tcp filtered VeritasNetbackup
13718/tcp filtered VeritasNetbackup
13722/tcp open VeritasNetbackup
#3 08-18-2004, Anders Gulden Olstad
Re: Port scanning Solaris - nmap "filtered" ports and Nessus output

In comp.security.unix Subba Rao <castellan2004-mail@spambuster.yahoo.com> wrote:
>When I run Nessus on the same server, I get the following output:
>List of open ports :
>
> o ssh (22/tcp) (Security hole found)
> o sunrpc (111/tcp) (Security notes found)
> o msrpc (135/tcp) (Security warnings found)
> o snet-sensor-mgmt (10000/tcp) (Security hole found)
>
>What is "snet-sensor-mgmt" service? There are about 15+ holes listed
>under this service alone. What does this service do?


On my system this is Webmin running on port 10000

>
>One other observation is that the "snet-sensor-mgmt" port was found on
>the Nessus scan but NOT on the nmap scan. Why is that?


I have no problems seeing port 10000 with nmap from the command line.

[root@PORT-PROV-01 root]# nmap -sT 192.168.12.22

Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on (192.168.12.22):
(The 1596 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh
10000/tcp open snet-sensor-mgmt
13722/tcp open VeritasNetbackup
13782/tcp open VeritasNetbackup
13783/tcp open VeritasNetbackup

--
Sing While You May!

remove '+news' from email address to reply
PGP key available upon request. 0x656CB5B5
#4 10-02-2004, Fred J. Bourgeois, III
Re: Port scanning Solaris - nmap "filtered" ports and Nessus output

Anders Gulden Olstad wrote:
> In comp.security.unix Subba Rao <castellan2004-mail@spambuster.yahoo.com> wrote:
>
>>When I run Nessus on the same server, I get the following output:
>>List of open ports :
>>
>> o ssh (22/tcp) (Security hole found)
>> o sunrpc (111/tcp) (Security notes found)
>> o msrpc (135/tcp) (Security warnings found)
>> o snet-sensor-mgmt (10000/tcp) (Security hole found)
>>
>>What is "snet-sensor-mgmt" service? There are about 15+ holes listed
>>under this service alone. What does this service do?

>
>
> On my system this is Webmin running on port 10000

[snip]
Livingston used to run tcp-to-serial on ports 10000-10030.

--
Fred J. Bourgeois, III FREDNET Corporation
Colorless Green Ideas Sleep Furiously, and so do I....
FREDNET is a registered service mark of FREDNET Corporation, Scotts
Valley, CA.
[E-mail address in header intentionally mangled ... remove "bonzo"
part]
