| View previous topic :: View next topic |
| Author |
Message |
d11wtq
Apprentice
Joined: 14 Jul 2005
Posts: 192
Location: Manchester, UK
|
 Posted: Thu Jan 05, 2006 2:25 am Post subject: Strange nmap behaviour |
 |
|
I've just run an nmap on my VDS server... It's the first time I've run this but I'm confused here.
When run locally (but still using the external domain name) I get this back:
| Code: |
(The 1660 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
143/tcp open imap
3306/tcp open mysql
Nmap finished: 1 IP address (1 host up) scanned in 1.591 seconds |
That's what I expected so I was quite happy.
Now I run it from my desktop PC at home to that exact same machine:
| Code: |
(The 1653 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
143/tcp open imap
1720/tcp filtered H.323/Q.931
3306/tcp open mysql
5190/tcp open aol
6969/tcp filtered acmsoda
Nmap finished: 1 IP address (1 host up) scanned in 9.481 seconds
|
What the different results? There's 3 extra services visible from the other machine and I don't recognise any of them 
Looks dodgey to me.... AOL 5190 is apparently AOL's Instant Messenger file transfer protocol port  I'm a bit worried my box has been compromised.
I ran a ps aux | grep -i aol to no avail.
Here's a full ps aux
| Code: |
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.3 1416 416 ? S 2005 0:07 init [3]
root 2 0.0 0.0 0 0 ? SWN 2005 0:00 [ksoftirqd/0]
root 3 0.0 0.0 0 0 ? SW< 2005 0:00 [events/0]
root 4 0.0 0.0 0 0 ? SW< 2005 0:00 [khelper]
root 5 0.0 0.0 0 0 ? SW< 2005 0:00 [kthread]
root 6 0.0 0.0 0 0 ? SW< 2005 0:00 [kblockd/0]
root 10 0.0 0.0 0 0 ? SW< 2005 0:00 [aio/0]
root 9 0.0 0.0 0 0 ? SW 2005 0:00 [kswapd0]
root 11 0.0 0.0 0 0 ? SW 2005 0:01 [kjournald]
root 120 0.0 0.5 1624 668 ? S 2005 0:00 /sbin/devfsd /dev
root 602 0.0 0.6 3308 820 ? S 2005 0:02 /usr/sbin/sshd
root 749 0.0 0.5 1796 756 ? S 2005 0:24 /usr/sbin/syslog-ng
postgres 1082 0.0 0.7 16564 900 ? S 2005 0:00 /usr/bin/postmaster -D /var/lib/postgresql/data
postgres 1085 0.0 0.7 16564 976 ? S 2005 0:17 postgres: writer process
postgres 1086 0.0 0.6 7480 872 ? S 2005 0:01 postgres: stats buffer process
postgres 1087 0.0 0.6 6652 844 ? S 2005 0:00 postgres: stats collector process
root 1230 0.0 0.3 1448 468 tty0 S 2005 0:00 /sbin/agetty 38400 vc/0 linux
nobody 1444 0.0 0.4 2164 616 ? S 2005 0:05 proftpd: (accepting connections)
root 21825 0.0 0.6 5936 804 ? S 2005 0:00 sshd: d11wtq [priv]
d11wtq 21828 0.0 0.7 6292 896 ? S 2005 0:02 sshd: d11wtq@pts/2
d11wtq 21829 0.0 0.6 2476 796 pts/2 S 2005 0:00 -bash
root 21835 0.0 0.4 2132 516 pts/2 S 2005 0:00 su -
root 21837 0.0 0.6 2212 792 pts/2 S 2005 0:00 -bash
d11wtq 344 0.0 0.8 3948 1076 ? S 2005 0:06 imapd
root 25701 0.0 0.7 5760 1004 ? S 2005 1:07 /usr/sbin/pdns_server --daemon --guardian=yes
root 25702 0.0 0.7 5760 1004 ? S 2005 0:03 /usr/sbin/pdns_server --daemon --guardian=yes
root 25703 0.0 0.7 5760 1004 ? S 2005 0:00 /usr/sbin/pdns_server --daemon --guardian=yes
root 13526 0.0 0.7 21396 1000 ? S Jan02 0:00 /usr/sbin/spamd -d -r /var/run/spamd.pid -m 5 -c -H
root 13532 0.0 11.9 23152 15208 ? S Jan02 0:08 spamd child
root 13533 0.0 12.0 23068 15240 ? S Jan02 0:07 spamd child
root 13534 0.0 11.6 22964 14808 ? S Jan02 0:06 spamd child
root 13535 0.0 11.9 23016 15200 ? S Jan02 0:07 spamd child
root 13536 0.0 11.6 22888 14792 ? S Jan02 0:07 spamd child
root 13721 0.0 0.9 5936 1212 ? S Jan03 0:00 sshd: d11wtq [priv]
d11wtq 13724 0.0 1.1 6296 1396 ? S Jan03 0:00 sshd: d11wtq@pts/0
d11wtq 13725 0.0 0.6 2476 796 pts/0 S Jan03 0:00 -bash
root 13732 0.0 0.4 2132 580 pts/0 S Jan03 0:00 su -
root 13733 0.0 0.6 2216 840 pts/0 S Jan03 0:00 -bash
root 13743 0.0 0.3 1956 476 pts/0 S Jan03 0:01 tail -n 50 -f /var/log/messages
root 13744 0.0 1.0 5936 1316 ? S Jan03 0:00 sshd: d11wtq [priv]
d11wtq 13747 0.0 1.1 6504 1468 ? S Jan03 0:15 sshd: d11wtq@pts/1
d11wtq 13748 0.0 0.6 2476 796 pts/1 S Jan03 0:00 -bash
root 14254 0.0 0.4 2132 580 pts/1 S Jan03 0:00 su
root 14255 0.0 0.9 2216 1212 pts/1 S Jan03 0:00 bash
root 14388 0.0 0.8 10980 1040 ? S Jan03 0:01 /usr/local/apache/bin/httpd -k start
root 15544 0.0 0.9 5936 1212 ? S Jan04 0:00 sshd: d11wtq [priv]
d11wtq 15548 0.0 1.1 6308 1400 ? S Jan04 0:00 sshd: d11wtq@pts/3
d11wtq 15549 0.0 0.6 2476 796 pts/3 S Jan04 0:00 -bash
root 15555 0.0 0.4 2132 580 pts/3 S Jan04 0:00 su -
root 15556 0.0 0.6 2212 792 pts/3 S Jan04 0:00 -bash
root 15561 0.0 0.3 1956 432 pts/3 S Jan04 0:00 tail -f /var/log/messages
root 15667 0.0 1.1 5936 1512 ? S Jan04 0:00 sshd: d11wtq [priv]
d11wtq 15670 0.0 1.2 6300 1576 ? S Jan04 0:00 sshd: d11wtq@pts/4
d11wtq 15671 0.0 0.7 2476 892 pts/4 S Jan04 0:00 -bash
root 15689 0.0 0.4 2132 580 pts/4 S Jan04 0:00 su
root 15690 0.0 0.6 2216 792 pts/4 S Jan04 0:00 bash
mail 15823 0.0 1.1 6204 1484 pts/4 T Jan04 0:00 exim -bs
root 16418 0.0 1.1 20572 1440 ? S Jan04 0:00 /usr/sbin/pdns_server-instance --daemon --guardian=yes
root 16419 0.0 1.1 20572 1440 ? S Jan04 0:00 /usr/sbin/pdns_server-instance --daemon --guardian=yes
root 16420 0.0 1.1 20572 1440 ? S Jan04 0:00 /usr/sbin/pdns_server-instance --daemon --guardian=yes
root 16421 0.0 1.1 20572 1440 ? S Jan04 0:00 /usr/sbin/pdns_server-instance --daemon --guardian=yes
root 16422 0.0 1.1 20572 1440 ? S Jan04 0:00 /usr/sbin/pdns_server-instance --daemon --guardian=yes
root 16423 0.0 1.1 20572 1440 ? S Jan04 0:00 /usr/sbin/pdns_server-instance --daemon --guardian=yes
root 16424 0.0 1.1 20572 1440 ? S Jan04 0:00 /usr/sbin/pdns_server-instance --daemon --guardian=yes
root 16425 0.0 1.1 20572 1440 ? S Jan04 0:00 /usr/sbin/pdns_server-instance --daemon --guardian=yes
root 16426 0.0 1.1 20572 1440 ? S Jan04 0:00 /usr/sbin/pdns_server-instance --daemon --guardian=yes
root 16431 0.0 1.1 20572 1440 ? S Jan04 0:00 /usr/sbin/pdns_server-instance --daemon --guardian=yes
root 16505 0.0 1.1 5936 1520 ? S Jan04 0:00 sshd: d11wtq [priv]
d11wtq 16508 0.0 1.3 6300 1768 ? S Jan04 0:00 sshd: d11wtq@pts/5
d11wtq 16509 0.0 0.6 2476 800 pts/5 S Jan04 0:00 -bash
root 16526 0.0 0.4 2132 580 pts/5 S Jan04 0:00 su
root 16527 0.0 0.8 2212 1132 pts/5 S Jan04 0:00 bash
root 16663 0.0 0.6 2212 792 pts/1 S Jan04 0:00 /bin/sh ./bin/mysqld_safe --datadir=/usr/local/mysql/data --pimysql 16690 0.0 2.3 34456 3004 pts/1 S Jan04 0:00 /usr/local/mysql/bin/mysqld --defaults-extra-file=/usr/local/mmysql 16691 0.0 2.3 34456 3004 pts/1 S Jan04 0:00 /usr/local/mysql/bin/mysqld --defaults-extra-file=/usr/local/mmysql 16692 0.0 2.3 34456 3004 pts/1 S Jan04 0:00 /usr/local/mysql/bin/mysqld --defaults-extra-file=/usr/local/mmysql 16693 0.0 2.3 34456 3004 pts/1 S Jan04 0:00 /usr/local/mysql/bin/mysqld --defaults-extra-file=/usr/local/mmysql 16694 0.0 2.3 34456 3004 pts/1 S Jan04 0:00 /usr/local/mysql/bin/mysqld --defaults-extra-file=/usr/local/mmysql 16695 0.0 2.3 34456 3004 pts/1 S Jan04 0:00 /usr/local/mysql/bin/mysqld --defaults-extra-file=/usr/local/mmysql 16698 0.0 2.3 34456 3004 pts/1 S Jan04 0:03 /usr/local/mysql/bin/mysqld --defaults-extra-file=/usr/local/mmysql 16699 0.0 2.3 34456 3004 pts/1 S Jan04 0:02 /usr/local/mysql/bin/mysqld --defaults-extra-file=/usr/local/mmysql 16700 0.0 2.3 34456 3004 pts/1 S Jan04 0:00 /usr/local/mysql/bin/mysqld --defaults-extra-file=/usr/local/mmysql 16701 0.0 2.3 34456 3004 pts/1 S Jan04 0:01 /usr/local/mysql/bin/mysqld --defaults-extra-file=/usr/local/mroot 16723 0.0 0.0 0 0 ? SW Jan04 0:00 [pdflush]
d11wtq 17329 0.0 0.9 4052 1160 ? S Jan04 0:00 imapd
d11wtq 17418 0.0 1.0 3948 1380 ? S Jan04 0:00 imapd
d11wtq 17421 0.0 1.0 3948 1280 ? S Jan04 0:00 imapd
nobody 17432 0.0 4.9 15224 6304 ? S Jan04 0:00 /usr/local/apache/bin/httpd -k start
nobody 17433 0.0 5.9 14984 7556 ? S Jan04 0:00 /usr/local/apache/bin/httpd -k start
d11wtq 18535 0.0 1.1 3948 1412 ? S 00:07 0:00 imapd
d11wtq 18602 0.0 1.0 3948 1340 ? S 00:24 0:00 imapd
d11wtq 18603 0.0 1.0 3948 1308 ? S 00:26 0:00 imapd
d11wtq 18639 0.0 1.0 3948 1288 ? S 00:28 0:00 imapd
d11wtq 18640 0.0 0.9 3948 1264 ? S 00:29 0:00 imapd
d11wtq 18641 0.0 0.8 3948 1116 ? S 00:29 0:00 imapd
mail 18785 0.0 1.1 6176 1460 ? S 00:35 0:00 /usr/sbin/exim -bd -q15m
d11wtq 19026 0.0 1.0 3948 1292 ? S 00:41 0:00 imapd
root 19148 0.0 0.5 2060 756 ? S 00:46 0:00 /usr/sbin/xinetd -pidfile /var/run/xinetd.pid -stayalive -reusroot 19301 0.0 0.0 0 0 ? SW 00:58 0:00 [pdflush]
d11wtq 20665 0.0 1.1 3948 1500 ? S 02:01 0:00 imapd
d11wtq 21142 0.0 1.1 3948 1492 ? S 02:21 0:00 imapd
d11wtq 21143 0.0 1.1 3948 1488 ? S 02:21 0:00 imapd
root 21144 4.0 0.6 2388 792 pts/1 R 02:23 0:00 ps aux
|
The services I run are PowerDNS, Exim, IMAP, FTP, SSH, HTTP, MySQL so that's all that should be open I'm sure... The VDS Gentoo that's running was an image that my ISP mounted to my VDS for me so it was pretty much preconfigured and I wonder if they have services running for the function of the UML/VDS.
Any advice?  |
|
| Back to top |
|
 |
d11wtq
Apprentice
Joined: 14 Jul 2005
Posts: 192
Location: Manchester, UK
|
| Posted: Thu Jan 05, 2006 1:01 pm Post subject: |
|
|
Weird... now I'm trying from a server at work and getting the good results again.
Back at home, if my flat mate tries it from his PC he gets the dodgey looking results
So it looks like there's something affecting the nmap on our Internet connection... I'll have to look into this Unless it's anything to do with the fact we have a wireless router with a firewall on it.... |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
