As an aside, yet on a similar note, I've found that if you run portsentry in a non-stealth mode and run nmap you'll start thinking you were hit with just about every rootkit and trojan under the sky. Nearly had myself a heartattack when I scanned my box, only to find Netbus, Trinoo, Elite, bindshell and a bunch of other stuff. Turns out portsentry (partially) opens ports, waits for connection attempts on those ports and deals with them at that time. Thought others out there may have wanted to know this and avoid leaving a mess in their underwear!
J. -----Original Message----- From: Antony Stone [mailto:[EMAIL PROTECTED]] Sent: Friday, March 22, 2002 8:09 AM To: [EMAIL PROTECTED] Subject: Re: Listening port Found with Nmap? On Friday 22 March 2002 12:26 pm, Christopher C. Northrop wrote: > I am starting to believe there is an issue with nmap. I thought it was > Iptables at first but after further investigation I found Nmap flawed. > > What I did.. > > nmap -sU -p0 -p 135-139 HOST-IP > > This returned open on all ports. Of course I started to freak.. But when I > did this.. > > nmap -sU -p0 -p 100-139 HOST-IP > > I got a no ports open.. I'm going to post this in the nmap list and see > what they say.. Hmmm. nmap doesn't do this for me (I've just tried version 2.53, and 2.54beta31). Both scans return all tested ports closed - perfectly consistent with each other. Antony.
