more attacks

Warren Togami warren at togami.com
Fri Jul 27 23:44:01 PDT 2001


The following is an nmap scan result for Jon's system (Addresses are changed
to protect the innocent).  His router is doing a very good job in dropping
packets rather than reporting that they are closed.  This apparently makes
nmap's OS detection harder to get correct, and port scanning takes MUCH
longer when it doesn't immediately get replies saying that ports are closed.
The open ports are forwarded to services run on machines on his internal
network.

[root@localhost /root]# nmap -O 10.27.7.141

Starting nmap V. 2.54BETA27 ( www.insecure.org/nmap/ )
Warning:  OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
Interesting ports on (10.27.7.141):
(The 1544 ports scanned but not shown below are in state: filtered)
Port       State       Service
22/tcp     open        ssh
25/tcp     open        smtp
80/tcp     open        http
110/tcp    open        pop-3

No exact OS matches for host (test conditions non-ideal).
TCP/IP fingerprint:
SInfo(V=2.54BETA27%P=i686-pc-linux-gnu%D=7/27%Time=3B6253BD%O=22%C=-1)
TSeq(Class=RI%gcd=1%SI=88CA%IPID=I%TS=100HZ)
TSeq(Class=RI%gcd=1%SI=B550%IPID=I%TS=100HZ)
TSeq(Class=RI%gcd=1%SI=87EA%IPID=I%TS=100HZ)
T1(Resp=Y%DF=Y%W=403D%ACK=S++%Flags=AS%Ops=MNWNNT)
T2(Resp=N)
T3(Resp=Y%DF=Y%W=403D%ACK=S++%Flags=AS%Ops=MNWNNT)
T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T5(Resp=N)
T6(Resp=N)
T7(Resp=N)
PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)

Uptime 3.004 days (since Tue Jul 24 19:49:23 2001)




----- Original Message -----
From: "Jon Reynolds" <proteon at gci.net>
To: "Linux & Unix Advocates & Users" <luau at list.luau.hi.net>
Sent: Friday, July 27, 2001 6:16 PM
Subject: [luau] RE: more attacks


> Warren,
>
>   I would like to send you or Dusty my IP and let you scan me, I don't have
> an email address that I can send it to you securely. If you do give me your
> personal email I will only use it this one time for this purpose only. I
> have recently been to securityfocus.org and reading what they have and am
> considering purchasing the book Maximum Security for Linux. If you know of a
> book that you would consider an invaluable tool in locking down systems I
> would be very interested in the title.
>
> Jon
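
Added example, not part of the original message: a small Python parser for the scan output quoted above, which lets the owner of a router compare the open ports against the ones it is meant to forward and see which fingerprint probes went unanswered. The function names, the `expected_open` list and the embedded sample (an excerpt of the output above) are assumptions for illustration.

```python
import re

# Constructed sample: an excerpt of the nmap output quoted in the message above.
SAMPLE = """\
(The 1544 ports scanned but not shown below are in state: filtered)
Port       State       Service
22/tcp     open        ssh
25/tcp     open        smtp
80/tcp     open        http
110/tcp    open        pop-3
SInfo(V=2.54BETA27%P=i686-pc-linux-gnu%D=7/27%Time=3B6253BD%O=22%C=-1)
T1(Resp=Y%DF=Y%W=403D%ACK=S++%Flags=AS%Ops=MNWNNT)
T2(Resp=N)
T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T5(Resp=N)
"""

PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
HIDDEN_RE = re.compile(r"^\(The (\d+) ports scanned but not shown below are in state: (\w+)\)")
FP_RE = re.compile(r"^(\w+)\((.*)\)$")  # e.g. T1(Resp=Y%DF=Y%...)

def parse_scan(text):
    """Return (port rows, (hidden count, hidden state), fingerprint tests)."""
    ports, hidden, fingerprint = [], None, {}
    for line in text.splitlines():
        line = line.strip()
        if m := PORT_RE.match(line):
            ports.append((int(m[1]), m[2], m[3], m[4]))
        elif m := HIDDEN_RE.match(line):
            hidden = (int(m[1]), m[2])
        elif m := FP_RE.match(line):
            # Fields are KEY=VALUE pairs separated by '%'; a value may be empty.
            fields = dict(f.partition("=")[::2] for f in m[2].split("%") if f)
            fingerprint.setdefault(m[1], []).append(fields)  # TSeq can repeat
    return ports, hidden, fingerprint

def audit(text, expected_open):
    """Compare a scan against the ports the router is meant to forward."""
    ports, hidden, fp = parse_scan(text)
    states = {s for _, _, s, _ in ports} | ({hidden[1]} if hidden else set())
    open_ports = {p for p, _, s, _ in ports if s == "open"}
    return {
        "unexpected_open": sorted(open_ports - set(expected_open)),
        # Mirrors the nmap warning: it wants at least 1 open and 1 closed port.
        "os_detect_reliable": {"open", "closed"} <= states,
        "silent_probes": sorted(t for t, v in fp.items() if v[0].get("Resp") == "N"),
    }
```
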


