[ previous ] [ next ] [ threads ]
 From:  Chet Harvey <chet at pittech dot com>
 To:  Alex Sandini <asandini at blue dash chip dot be>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] tcp open ports on wan interface in 1.1
 Date:  Fri, 3 Sep 2004 12:18:29 -0400
Looking at the NMap output a few questions come to mind, A) does m0n0 plug 
directly into the internet connection or B) do you have a "modem" device 
between m0n0 and the outside?

I ask because the footprint is ID'd as "Panasonic IP Technology Broadband 
Networking Gateway, KX-HGW200".

When I run nessus or nmap against mine straight to the WAN interface (no router 
or modem in between) using version 1.1b15 it can not ID the OS but guesses it 
is Unix.

It could be your broadband router or modem that is actually responding.

Just a thought.

1 suggestion, move SSH off of port 22 and change the response field to not ID 
as SSH. I love watching people run RDP hacks on port 3389 which isn't RDP. I am 
freak like that =)

Chet Harvey
Pitbull Technologies <http://www.pittech.com/> 
Protecting your Digital Assets

Quoting Alex Sandini <asandini at blue dash chip dot be>:

> /usr/local/bin/nmap -O -A -T4 example.com
> Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2004-09-03 13:03 
> Warning:  OS detection will be MUCH less reliable because we did not 
> find at least 1 open and 1 closed TCP port
> Interesting ports on example.com (xxx.xxx.xxx.xxx):
> (The 1656 ports scanned but not shown below are in state: filtered)
> 22/tcp   open  ssh           OpenSSH 3.9p1 (protocol 1.99)
> 389/tcp  open  ldap?
> 1002/tcp open  windows-icfw?
> 1720/tcp open  microsoft-rdp Microsoft Terminal Service (Used with 
> Netmeeting, Remote Desktop, Remote Assistance)
> Device type: general purpose|media device|broadband router
> Running: Linux 2.4.X, Pace embedded, Panasonic embedded
> OS details: Linux 2.4.6 - 2.4.21, Pace digital cable TV receiver, 
> Panasonic IP Technology Broadband Networking Gateway, KX-HGW200
> Nmap run completed -- 1 IP address (1 host up) scanned in 207.037 seconds
> nmap is ran from my office, the m0n0wall is at home.
> The only forwarded port is the 22.
> I can indeed connect to to ports 389, 1002 and 1720 from the WAN interface.
> The telnet connections on are not shown when typing netstat -an in exec.php.
> Any can confirm/explain this?
> Cheers,
> Alex
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch