Angeblich offene ports bei Debain Woody

Dietmar Goldbeck dietmar.goldbeck at acm.org
Mon Mar 4 21:57:12 CET 2002 

On Mon, Mar 04, 2002 at 06:59:56PM +0100, Bernhard Sadlowski wrote:
 
> Wieso zeigt also nmap (und auch damit nessus) das an? Ich sehe die
> Möglichkeiten:
> 

Du solltest auch das nächstliegende nicht beachten: 
RTFM vergessen :-)

aus man nmap:

             Unfortunately  UDP  scanning is sometimes painfully
              slow since most hosts implement a suggestion in RFC
              1812  (section  4.3.2.8) of limiting the ICMP error
              message rate.  For example, the  Linux  kernel  (in
              net/ipv4/icmp.h)   limits  destination  unreachable
              message generation to 80 per 4 seconds, with a  1/4
              second  penalty  if  that is exceeded.  Solaris has
              much more strict limits (about 2 messages per  sec­
              ond)  and  thus  takes  even  longer to scan.  nmap
              detects this rate limiting and slows  down  accord­
              ingly,  rather  than flood the network with useless
              packets that will be ignored by the target machine.


Sobald der Kernel mit rate-limiting started, listet nmap den Port
als offen. Du kannst mit 
echo 42  > icmp_destunreach_rate
das rate limiting beeinflussen.

 > Was sagt das untere nmap Kommando bei euch?
> 
> ----------- 8< --------------------------------------------------------
> host-a# nmap -sU -v -p53,67,10498,27444,34555 host-b host-c
> 

Nach echo 0 > icmp_destunreach_rate auf gallium sagt es
All 5 scanned ports on gallium (192.168.16.2) are: closed

Nach echo 1000 > icmp_destunreach_rate sagt es:

The UDP Scan took 1 second to scan 5 ports.
Adding open port 53/udp
Adding open port 67/udp
Adding open port 34555/udp
Adding open port 27444/udp
Adding open port 10498/udp
Interesting ports on gallium (192.168.16.2):
Port       State       Service
53/udp     open        domain
67/udp     open        bootps
10498/udp  open        unknown
27444/udp  open        Trinoo_Bcast
34555/udp  open        unknown

   Ciao
    Dietmar

-- 
 Alles Gute / best wishes  
     Dietmar Goldbeck                E-Mail: dietmar.goldbeck at acm.org
Reporter (to Mahatma Gandhi): Mr Gandhi, what do you think of Western
Civilization?  Gandhi: I think it would be a good idea.

More information about the Linux mailing list