Results 1 to 9 of 9
  1. #1

    NMAP - strange output :S

    hi everyone;

    I have a problem with this command, It is showing a strange output where all ports are closed

    [root@server root]# nmap -p 1-65535 localhost

    Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
    All 65535 scanned ports on server (127.0.0.1) are: closed

    Nmap run completed -- 1 IP address (1 host up) scanned in 52 seconds



    As you can see this is impossible cause' I'm connected to ssh and apache is running to...

    If I run "nmap" to look in a particular port as 80, it shows:

    [root@server root]# nmap -p 80 localhost

    Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
    Interesting ports on server (127.0.0.1):
    Port State Service
    Unable to find nmap-services! Resorting to /etc/services
    80/tcp open http

    Nmap run completed -- 1 IP address (1 host up) scanned in 1 second


    This sistem is running "Fedora Core release 2 (Tettnang)" with all last updates installed. I run rkhunter to see if binary is corrupted, but its not...

    Any idea?

    Thanks for your help;

    Luciano Tourreilles.

  2. #2
    Join Date
    May 2005
    Posts
    67
    Have you run nmap replacing localhost with your IP address? Are you are a VPS box by chance? Just a thought.

  3. #3
    hi debrown3rd;

    Yes I did, I replaced "localhost" for the public IP, and it still shows the same output. This is a plain host without CPs, only apache and sendmail running.

    Thanks for you response;

    Luciano.

  4. #4
    Join Date
    Aug 2002
    Location
    here
    Posts
    1,566
    try
    nmap localhost
    then from another box
    nmap yourip#onotherbox
    Dave

  5. #5
    I need to run the nmap locally to add its output to daily reports. I'm using portsentry to avoid external maps, so I need to run it locally

    Thanks for your help;

    Lucho.

  6. #6
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,681
    why not just do netstat -lntpe / netstat -lnupe. You mentioned portsentry which leaves me to belive its checking on the localhost aswell.
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  7. #7
    portsentry is configured to ignore local interfases...by the way, stopping portsentry daemon didnt work

    I tried reinstalling nmap RPM, copying the binary from another server where it work properly, and nothing still showing the same..

    Regards;

    Luciano

  8. #8
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,681
    are you using any iptables rules?
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  9. #9
    Yes thelinuxguy, you were right !! There was the problem, I need to tune the "synflooding" statement now, to let nmap explore all ports properly.

    Thank you very much for your help!

    Luciano.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •