Linux

curious port scan

10 posts in this topic

Hi guys, this is a FreeBSD 6.0 server. What does this portscan result mean? Never seen this:

PORT STATE SERVICE VERSION

1/tcp open tcpmux?

2/tcp open compressnet?

3/tcp open compressnet?

4/tcp open unknown

5/tcp open rje?

6/tcp open unknown

7/tcp open echo?

8/tcp open unknown

9/tcp open discard?

10/tcp open unknown

(11-79: open tcpwrapped)

80/tcp open http Apache httpd

(81-184/tcp open tcpwrapped)

185/tcp open remote-kis?

186-205/tcp open tcpwrapped

206/tcp open tcpwrapped

207/tcp open at-7?

208/tcp open tcpwrapped

209/tcp open tcpwrapped

210/tcp open tcpwrapped

211/tcp open 914c-g?

212-430/tcp open tcpwrapped

431/tcp open utmpcd?

432/tcp open tcpwrapped--->

479/tcp open tcpwrapped

480/tcp open loadsrv?

481/tcp open tcpwrapped----->

537/tcp open tcpwrapped

538/tcp open gdomap?

539/tcp open tcpwrapped---->

914/tcp open tcpwrapped

915/tcp open unknown

916/tcp open tcpwrapped----->

1033/tcp open tcpwrapped

*OK, you guys get the point: from here on, most of the ports in between are "open tcpwrapped", but not ALL of them.

3421/tcp open bmap?

5801/tcp open vnc-http-1?

7002/tcp open afs3-prserver?

9100/tcp open jetdirect?

13717/tcp open VeritasNetbackup?

------>

65301/tcp open tcpwrapped

My question is, what is tcpwrapped?


Almost certain it is not a honeypot.

P.S. How can you recognize a Windows XP Domain controller? This I have searched for all afternoon but have not found good tutes.

Thanks


You will rarely find any domain controllers through the Internet. 99.9% of them will be inside of a private network with private IP addressing. That other 0.1%, find an insecure company with an insecure VPN. This is my opinion.


This just looks like a case of a user installing too many apps and not configuring them properly. It has multiple TCP and web related ports. With so many open, I'd say the user hasn't a clue how many things are open. It's probably an unpatched server.

XP Domain controller? They don't exist. Try searching for Server 2003 instead.

Also, you can try scanning these ports for Active Directory and LDAP:

* TCP port 389 for client communications

* TCP port 636 for SSL communications

* TCP port 3268 for communications to Global Catalog server

* TCP port 3269 for SSL communications to Global Catalog server

Hey, pass the IP on to me please. In my opinion, the FreeBSD box you're hitting is a firewall.


Thanks guys for the replies! I need to look into tcpwrapped and general firewall stuff! Right now I am playing with Smoothwall here at the house, so hopefully I'll be able to monkey around with things a bit.

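On the question of what tcpwrapped means: Nmap uses that label when the TCP handshake completes but the remote end closes the connection before any data is exchanged, which is how a port behind a TCP wrapper or a filtering device typically behaves. The sketch below is an added example, not part of the thread; it only talks to listeners it starts itself on 127.0.0.1, and the function names and labels other than "tcpwrapped" are made up for the illustration.

```python
import socket
import threading


def start_listener(banner):
    """Start a one-shot listener on 127.0.0.1 and return its port.

    banner=None imitates a wrapper refusing the client: the connection is
    accepted and closed straight away. Otherwise the banner bytes are sent.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # port 0: let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:                       # closing sends FIN to the client
            if banner is not None:
                conn.sendall(banner)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def classify(port, timeout=2.0):
    """Connect to 127.0.0.1:port and return (label, first bytes received)."""
    try:
        sock = socket.create_connection(("127.0.0.1", port), timeout=timeout)
    except OSError:
        return ("closed", b"")           # handshake never completed
    with sock:
        try:
            data = sock.recv(128)
        except socket.timeout:
            return ("open-silent", b"")  # service is waiting for the client
        except ConnectionResetError:
            return ("tcpwrapped", b"")   # peer reset right after the handshake
    # An empty read means the peer closed without sending anything.
    return ("tcpwrapped", b"") if data == b"" else ("open", data)


if __name__ == "__main__":
    print(classify(start_listener(None)))                   # accept, then close
    print(classify(start_listener(b"220 demo ready\r\n")))  # real banner
```

A scan where nearly every port answers this way, as in the first post, usually means one device in front of the host is completing the handshakes rather than thousands of separate services.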
