[Dshield] little experiment

Jonathan C. Webster jwebster03 at snet.net
Tue Mar 1 02:59:18 GMT 2005


Interesting: My NATing router/firewall is  a Netgear FVS318 v1. NOTHING is supposed to be open.
The Linux boxes in my tiny network do not listen on those ports.
  Probes to both ports 53  and 137 *DO* show up in the router log as being dropped,  137 very often.

 From your scan report:

Jonathan
___________________snip_________________________

Note! This scanner tends to show firewalled UDP ports as open!

Interesting ports on xxx.xxx.xxx.xxx.adsl.snet.net
PORT    STATE SERVICE     VERSION
53/udp  open  domain?
137/udp open  netbios-ns?

Nmap run completed -- 1 IP address (1 host up) scanned in 31.035 seconds

Quick guide to the results:
Filtered Ports: These ports are filtered by your firewall. The scanner can not tell if the port is open or 
closed. This is usually best.
Open Ports: Some server is accepting connections at this port, and no firewall is blocking it. This is bad, 
unless you want to permit access to this server.
Closed Ports: Your computer reset the connection as the scanner attempted to connect. Typically, this means 
that no firewall is protecting this port, but nothing is listening to accept any connections. This is ok, but 
it does make scanning your system faster.


Johannes B. Ullrich wrote:
> I setup a little experimental site that tries to do a couple simple 
> security checks based on browser id and such, and a portscan. I do need 
> a couple more people to see if it works / is helpful.
> 
> http://www.amihacked.com is the URL. Let me know if it works or where it 
> breaks. One of the goals is also to make some of the dshield information 
> a bit more accessible. We already have the 'are you hacked' banner, but 
> its a bit limited when it comes to the next step ("Why is the banner 
> flashing at me?").
> 
> thanks for any feedback.
> 
> 
> 
> 
> ------------------------------------------------------------------------
> 
> -------------- Sponsor Message ------------------------------------
> SANS Intrusion Immersion Training: Orlando, FL, February 3-9th
> http://www.sans.org/orlando05
> 
> _______________________________________________
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list



More information about the list mailing list