Re: avahi-daemon uses 100% of cpu when scanned with nmap (DoS possible?)

On Thu, 2011-02-24 at 15:31 +, Julien Reveret wrote: > [snip] > > It seems that mandriva already released an update for avahi : > > http://lists.grok.org.uk/pipermail/full-disclosure/2011-February/079525.html > > I guess you're facing the same issue. 0.6.28-4 has been accepted to unstable

Re: avahi-daemon uses 100% of cpu when scanned with nmap (DoS possible?)

> Package: avahi-daemon > Version: 0.6.27-2 > Tags: security > Severity: critical > Justification: Introduces possible denial-of-service scenario. > > Hi, > > when I scan my server from another machine on the network using nmap, I > get this: [snip] It seems tha

Re: avahi-daemon uses 100% of cpu when scanned with nmap (DoS possible?)

achine on the network using nmap, I > get this: > > # nmap -sU -p5353 192.168.2.2 > > Starting Nmap 5.00 ( http://nmap.org ) at 2011-02-23 13:15 CET > Interesting ports on 192.168.2.2: > PORT STATE SERVICE > 5353/udp open|filtered zeroc

avahi-daemon uses 100% of cpu when scanned with nmap (DoS possible?)

Package: avahi-daemon Version: 0.6.27-2 Tags: security Severity: critical Justification: Introduces possible denial-of-service scenario. Hi, when I scan my server from another machine on the network using nmap, I get this: # nmap -sU -p5353 192.168.2.2 Starting Nmap 5.00 ( http

Re: nmap Xmas scans and unrecognized outcoming connections

Am Friday, den 7 December hub Martín Peluso folgendes in die Tasten: Hi! > Two days ago one of my machines started to receive several nmap Xmas > scans from 73.23.32.79. Later, in another machine which is running under > Debian etch, Firestarter showed me four outcoming connectio

nmap Xmas scans and unrecognized outcoming connections

Hello everybody Two days ago one of my machines started to receive several nmap Xmas scans from 73.23.32.79. Later, in another machine which is running under Debian etch, Firestarter showed me four outcoming connections to the same ip address with destination ports 80, 44285, 41182 and 43275

Re: iptables and nmap

You got it Tibor !!! I applied the command Andreas gave to me and tomcat55 listens on 8180. However, it does not resolve my firewall problem. I will explore differents ways that have been proposed to me. Thank to all of you, I will inform you on the state of things, Joan L

Re: iptables and nmap

Joan Hérisson wrote: Hello, Config: - Debian 2.4.18 - iptables with many rules Problems: - I have installed a tomcat 5.5 server. The server is unreachable (connection failed from locahost or another host on my local network). Hey Joan, how do You installed tomcat? Because, if installed fro

Re: iptables and nmap

Hi ! * Manuel García <[EMAIL PROTECTED]> [2007-06-07 10:01]: > On 6/7/07, Joan Hérisson <[EMAIL PROTECTED]> wrote: [...snip...] > > Results: > > - The server is still unreachable. > > - When I do nmap localhost, I have port 80 open but not 8080. > > - Whe

Re: iptables and nmap

Joan Hérisson wrote: Chain INPUT (policy DROP 17 packets, 1088 bytes) pkts bytes target prot opt in out source destination 164 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080 225 18816 bad_tcp_packets tcp --

Re: iptables and nmap

t > 8080 -j allowed" As someone else mentioned, this should probably be -j ACCEPT > Results: > - The server is still unreachable. Are you actually seeing an error that says "unreachable"? That suggests a routing problem, or a prohibitive firewall rule be

Re: iptables and nmap

Ok, thank you for your answers. I will try to sum up mine. It is true that it is not me who wrote the firewall script and that I do not understand what all rules do. I tried different solutions that you proposed but none works, from localhost, local network or from the internet. The

Re: iptables and nmap

th1 is the way toward my local network > > Results: > - The server is still unreachable. > - When I do nmap localhost, I have port 80 open but > not 8080. > - When I comment out the line for port 80 in > firewall-start and I res

Re: iptables and nmap

0 > --dport > 8080 -j allowed" > where eth1 is the way toward my local network > > Results: > - The server is still unreachable. > - When I do nmap localhost, I have port 80 open but not 8080. > - W

Re: iptables and nmap

ard my local network Results: - The server is still unreachable. - When I do nmap localhost, I have port 80 open but not 8080. - When I comment out the line for port 80 in firewall-start and I restart firewall, I do nmap localhost, port 80 is still open. I do not find the link between iptables rules

Re: iptables and nmap

made by someone else, and that script is too complicated to understand for anyone else than author. IMHO it's always better to make your own script that has only the rules you really need and understand. > Results: > - The server is still unreachable. >

Re: iptables and nmap

8080 -j allowed" where eth1 is the way toward my local network Results: - The server is still unreachable. - When I do nmap localhost, I have port 80 open but not 8080. - When I comment out the line for port 80 in firewall-start and I restart firewall, I do nmap localhost, port 80 i

iptables and nmap

-i eth1 -s 0/0 --dport 8080 -j allowed" where eth1 is the way toward my local network Results: - The server is still unreachable. - When I do nmap localhost, I have port 80 open but not 8080. - When I comment out the line for

Re: X security (was Re: nmap -sT and open ports from a friends)

On Fri, Feb 03, 2006 at 06:33:30PM -0500, Daniel Sterling wrote: > Adding a firewall will only help things, and it certainly can't hurt. This is generally true, but an improperly configured firewall can be worse than no firewall. If it creates new vulnerabilities, or if it is obtrusive and causes

Re: nmap -sT and open ports from a friends

> The 'filtered' ones are probably filtered by your ISP. I can understand (but > don't share) why they block port 25 or port 445) but I wonder why a ISP > would filter out port 80, aren't people allowed to have a web server at home? I don't know if you remember the CodeRed and Nimba worms that wer

X security (was Re: nmap -sT and open ports from a friends)

X in Debian by default uses -nolisten tcp, why is it open? Also, read the XSecurity man page-- just because the port is open does not mean it is accessible. However, you should as a rule disable anything that listens to the internet if you don't need it. You should also, if possible, use hos

Re: nmap -sT and open ports from a friends

On Fri, Feb 03, 2006 at 11:02:33PM +0100, [EMAIL PROTECTED] wrote: > Hi, > > this is the nmap -sT scan from a friend: I guess you both are not in the same ISP > > > nmap -sT internet_address > > Port State Service > 25/tcp filteredsmtp > 46

Re: nmap -sT and open ports from a friends

h of you should setup iptables with a minimal set that either denys certain ports, or better yet, blocks-all and only allows-specified. [EMAIL PROTECTED] wrote: Hi, this is the nmap -sT scan from a friend: nmap -sT internet_address Port State Service 25/tcp filte

nmap -sT and open ports from a friends

Hi, this is the nmap -sT scan from a friend: > nmap -sT internet_address Port State Service 25/tcp filteredsmtp 46/tcp openmpm-snd 80/tcp filtered http 119/tcp open nntp 445/tcp filtered microsoft-ds 1080/tcp filtered so

Re: nmap ...

On Mon, Nov 05, 2001 at 10:24:34PM +0100, Philipp Schulte wrote: >Thats not true. nmap shows "open" ports which means that something is >listening on them. If I connect from localhost:1024 to >www.debian.org:80 that does not mean that my port 1024 is open. It >doesn

Re: nmap ...

On Mon, Nov 05, 2001 at 10:24:34PM +0100, Philipp Schulte wrote: >Thats not true. nmap shows "open" ports which means that something is >listening on them. If I connect from localhost:1024 to >www.debian.org:80 that does not mean that my port 1024 is open. It >doesn

Re: nmap ...

ort 55234 to 80, or 1025 to 80. Open > ports above 1024 will appear and disappear regularly as the system is used. Thats not true. nmap shows "open" ports which means that something is listening on them. If I connect from localhost:1024 to www.debian.org:80 that does not mean that my p

Re: nmap ...

ort 55234 to 80, or 1025 to 80. Open > ports above 1024 will appear and disappear regularly as the system is used. Thats not true. nmap shows "open" ports which means that something is listening on them. If I connect from localhost:1024 to www.debian.org:80 that does not mean that my p

Re: nmap ...

[EMAIL PROTECTED] wrote: 2020opentcpxinupageserver 2020 ??? the port is not the same every time Ports that are >1024 are assigned dynamically. For instance, suppose you connect to a remote website. You are connecting to port 80 on the remot

Re: nmap ...

[EMAIL PROTECTED] wrote: >2020opentcpxinupageserver > >2020 ??? > >the port is not the same every time > Ports that are >1024 are assigned dynamically. For instance, suppose you connect to a remote website. You are connecting to port 80 on the

Re: nmap ...

et. so like if that port is always changing perhaps there is traffic on your network,and the windows applications connect to the internet on those ports.note them and mail them here :> Dani, hackers unsupport. sli> hi, when I make nmap I read my open ports more one suspect (every time is sli&g

Re: nmap ...

[EMAIL PROTECTED] writes: > hi, when I make nmap I read my open ports more one suspect (every > time is one new port). So I make nmap another time and I read my > realy open ports without the last. I saw this, too. That nmap version (at least the one from Potato) seems to be buggy.

Re: nmap ...

et. so like if that port is always changing perhaps there is traffic on your network,and the windows applications connect to the internet on those ports.note them and mail them here :> Dani, hackers unsupport. sli> hi, when I make nmap I read my open ports more one suspect (every time is sli&g

Re: nmap ...

[EMAIL PROTECTED] writes: > hi, when I make nmap I read my open ports more one suspect (every > time is one new port). So I make nmap another time and I read my > realy open ports without the last. I saw this, too. That nmap version (at least the one from Potato) seems to be buggy.

nmap ...

hi, when I make nmap I read my open ports more one suspect (every time is one new port). So I make nmap another time and I read my realy open ports without the last. ? what is it ? example: [EMAIL PROTECTED]:~$ nmap debian Starting nmap V. 2.12 by Fyodor ([EMAIL PROTECTED

nmap ...

hi, when I make nmap I read my open ports more one suspect (every time is one new port). So I make nmap another time and I read my realy open ports without the last. ? what is it ? example: seba@debian:~$ nmap debian Starting nmap V. 2.12 by Fyodor ([EMAIL PROTECTED], www.insecure.org

Re: nmap 2.12

Hubert Chan <[EMAIL PROTECTED]> writes: > > "Olaf" == Olaf Meeuwissen <[EMAIL PROTECTED]> writes: > > Olaf> On a really secure box I wouldn't want to have the build > Olaf> environment needed to do this. Perhaps on another reasonably > Olaf> secure box where I am the one and only normal user

Re: nmap 2.12

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 > "Olaf" == Olaf Meeuwissen <[EMAIL PROTECTED]> writes: Olaf> On a really secure box I wouldn't want to have the build Olaf> environment needed to do this. Perhaps on another reasonably Olaf> secure box where I am the one and only normal user, bu

Re: nmap 2.12

Hubert Chan <[EMAIL PROTECTED]> writes: > > "Olaf" == Olaf Meeuwissen <[EMAIL PROTECTED]> writes: > > Olaf> On a really secure box I wouldn't want to have the build > Olaf> environment needed to do this. Perhaps on another reasonably > Olaf> secure box where I am the one and only normal use

Re: nmap 2.12

to it. Okay, ocassionally a new upgrade (e.g. 2.2r1 to > > 2.2r2) may fix some serious breakage as well, but that's about it. > > Indeed. > > > If you want more recent versions of various packages, point yourself at > > 'testing' or 'unstable'. My nmap

Re: nmap 2.12

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 > "Olaf" == Olaf Meeuwissen <[EMAIL PROTECTED]> writes: Olaf> On a really secure box I wouldn't want to have the build Olaf> environment needed to do this. Perhaps on another reasonably Olaf> secure box where I am the one and only normal user, b

Re: nmap 2.12

us breakage as well, but that's about it. Indeed. > If you want more recent versions of various packages, point yourself at > 'testing' or 'unstable'. My nmap is 2.54.22.BETA-2 (from testing) which > beats your 2.53. The preference functionality in apt should let yo

Re: nmap 2.12

Gregoire Welraeds <[EMAIL PROTECTED]> writes: > I have recently installed a basic potato on a PII. While playing a little bit > around a find that the provided nmap was only a 2.12 version. It is a rather > old version of nmap (I have a 2.53 installed on a SuSE 6.3). > &g

Re: nmap 2.12

On Sun, Jun 17, 2001 at 09:52:50PM +0200, Gregoire Welraeds wrote: > Hello, > > I have recently installed a basic potato on a PII. While playing a little bit > around a find that the provided nmap was only a 2.12 version. It is a rather > old version of nmap (I have a 2.53 installe

Re: nmap 2.12

to it. Okay, ocassionally a new upgrade (e.g. 2.2r1 to > > 2.2r2) may fix some serious breakage as well, but that's about it. > > Indeed. > > > If you want more recent versions of various packages, point yourself at > > 'testing' or 'unstable'. My nmap

nmap 2.12

Hello, I have recently installed a basic potato on a PII. While playing a little bit around a find that the provided nmap was only a 2.12 version. It is a rather old version of nmap (I have a 2.53 installed on a SuSE 6.3). Is there any known reason for this choice ? Grégoire Welraeds

Re: nmap 2.12

us breakage as well, but that's about it. Indeed. > If you want more recent versions of various packages, point yourself at > 'testing' or 'unstable'. My nmap is 2.54.22.BETA-2 (from testing) which > beats your 2.53. The preference functionality in apt should let yo

Re: nmap 2.12

Gregoire Welraeds <[EMAIL PROTECTED]> writes: > I have recently installed a basic potato on a PII. While playing a little bit > around a find that the provided nmap was only a 2.12 version. It is a rather > old version of nmap (I have a 2.53 installed on a SuSE 6.3). > &g

Re: nmap 2.12

On Sun, Jun 17, 2001 at 09:52:50PM +0200, Gregoire Welraeds wrote: > Hello, > > I have recently installed a basic potato on a PII. While playing a little bit > around a find that the provided nmap was only a 2.12 version. It is a rather > old version of nmap (I have a 2.53 inst

nmap 2.12

Hello, I have recently installed a basic potato on a PII. While playing a little bit around a find that the provided nmap was only a 2.12 version. It is a rather old version of nmap (I have a 2.53 installed on a SuSE 6.3). Is there any known reason for this choice ? Grégoire Welraeds

Re: fakebo vs nmap -sS (fwd)

on attempts to two ports. This does not constitute logging stealth-scan attempts from nmap - there are other toys available for that purpose. ~Tim - -- | Geek Code: GCS dpu s-:+ a-- C UBLUAVHSC P+++ L++ E--- W+++(--) N++ | w--- O- M-- V-- PS PGP++ t--- X+(-) b D+ G e++(*) h++(*) r--- y-

Re: fakebo vs nmap -sS (fwd)

Wichert Akkerman wrote: > It does not log portscans It does log portscans. Give it a try, and you'll see it. It is also true that fakebo does more than symply logging the port scans, that is the reason why I like it. Sergio

Re: fakebo vs nmap -sS (fwd)

Previously Jacob Kuntz wrote: > although this isn't really the right forum for this, sergio has a point. > what he's saying is that either fakebo or nmap aren't working as advertised. fakebo is advertised to `fake' bo servers, and that is exactly what it does. It doe

Re: fakebo vs nmap -sS (fwd)

Previously Sergio Brandano wrote: > I noted that fakebo does not report scans promoted using "nmap -sS". Why should it? Wichert. -- / Generally uninteresting signature - ignore at your convenience \ | [EM

Re: fakebo vs nmap -sS (fwd)

although this isn't really the right forum for this, sergio has a point. what he's saying is that either fakebo or nmap aren't working as advertised. sergio, get in touch with the fakebo or nmap authors. it's not really debian's fault. Alexander Hvostov ([EMAIL PR

Re: fakebo vs nmap -sS (fwd)

: > > --- Forwarded Message > > Date: Tue, 04 Apr 2000 11:22:11 + > From: Sergio Brandano <[EMAIL PROTECTED]> > Organization: Queen Mary and Westfield College > To: [EMAIL PROTECTED] > Subject: fakebo vs nmap -sS > > Hi, > > I noted that fakebo

fakebo vs nmap -sS (fwd)

--- Forwarded Message Date: Tue, 04 Apr 2000 11:22:11 + From: Sergio Brandano <[EMAIL PROTECTED]> Organization: Queen Mary and Westfield College To: [EMAIL PROTECTED] Subject: fakebo vs nmap -sS Hi, I noted that fakebo does not report scans promoted using "nmap -sS".