Questions tagged [port-scanning]
The port-scanning tag has no usage guidance.
83
questions
75
votes
12
answers
38k
views
Does changing default port number actually increase security? [closed]
I have seen advice saying you should use different port numbers for private applications (e.g. intranet, private database, anything that no outsider will use).
I am not entirely convinced that can ...
25
votes
1
answer
24k
views
Displaying nmap result gradually as results are found
To get nmap results, one has to wait for the end of the scan.
How can I force nmap to gradually display the newly found hosts and open ports while it is running?
12
votes
4
answers
45k
views
Is there a way to see what is actually filtering TCP port communication?
nmap -p 7000-7020 10.1.1.1
Will output all the filtered ports
Starting Nmap 6.40 ( http://nmap.org ) at 2015-03-04 12:18 EET
Nmap scan report for 10.1.1.1
Host is up (0.00091s latency).
PORT ...
7
votes
9
answers
1k
views
Network vulnerability and port scanning services
I'm setting up a periodic port scan and vulnerability scan for a medium-sized network implementing a customer-facing web application. The hosts run CentOS 5.4.
I've used tools like Nmap and OpenVAS, ...
4
votes
2
answers
30k
views
What is msrpc needed for on a Windows 7 workstation
I just ran an nmap scan against our network, and many Windows 7 machines have several high ports listening with Microsoft Windows RPC. Example:
Port Serv Process name
49152, msrpc [wininit.exe]
...
4
votes
1
answer
6k
views
NMAP (or other) continuous port scan until it returns open?
Is there a way with nmap or anything else to do a continuous port scan, say on port 22, until the service comes up and the port is coming back as open?
Kind of like you may have an infinite ping ...
4
votes
3
answers
2k
views
IPv6 replacement for scanning IP range
Under IPv4, I often use nmap to scan my entire IP range to identify newly-connected devices and update my documentation, track down and shut off things that don't belong on the network, etc. I even ...
4
votes
2
answers
2k
views
Server is listening in Port 110 and I can't find any way to disable or block it
I have a Windows 2012 R2 server used as web server, with ports for web (80, 443, and 8080) open for public sites hosted on it. Doing some security checks on it, I found it's listening on port 110 too:
...
4
votes
2
answers
1k
views
Best way to determine if IPs in a subnet are up or down in Linux
I have a simple method that I am using on four subnets to determine which registered IPs are actually up and active, and which ones can be removed.
Initially, I iterate through the list of domain ...
3
votes
5
answers
14k
views
Can't get nmap to work under Windows 7 64 bit
I'm trying to install and run the nmap tool to test my server, but it keeps saying
Note: Host seems down. If it is really up, but blocking our ping probes, try -P0
and showing all the server ports ...
3
votes
6
answers
12k
views
Detect computer which does port scanning
I have about 15 computers on a local network behind simple TP-LINK TL-WR340G router. Everything works fine and the router does its job.
Recently we were informed that port scanning is being performed ...
3
votes
1
answer
4k
views
CentOS 7 SNMP port always closed
I have a CentOS 7 server in which I opened up ports for SNMP connections.
Even though I can see the ports open here:
[matias@Centos_7_VM ~]$ sudo firewall-cmd --list-all
[sudo] password for matias:
...
3
votes
2
answers
3k
views
Weird Port scanning results using nmap
I was scanning one of my friends servers using nmap and got these port details.
PORT STATE SERVICE
22/tcp open ssh
42/tcp filtered nameserver
80/tcp open http
111/tcp open ...
3
votes
2
answers
123
views
Finding XP boxes on our intranet
We're out on a mission to find and eradicate XP boxes on our intranet.
Now we're wondering what the fastest (scan) method might be --XP boxes connected to our active directory have already been ...
3
votes
1
answer
3k
views
Windows Filtering Platform dropping SQL Server connections
I've been investigating connection issues between my web server (Web01) and a database server (Database01). My current setup:
Web01 - two NICs, one external (firewalled), one internal (not firewalled)...
3
votes
1
answer
748
views
Scan SSH for offered authentication options
I'd like to scan our network (IPv4 and IPv6) for ssh and find the offered authentication options.
Ultimately I'd like to end up with a parseable list[1] of hosts that contains the following info:
IP ...
2
votes
4
answers
7k
views
Port-scanning on Cisco router with Nmap
I have Cisco 2911 router just booted with factory settings and no ACLs or NAT configured. All I did is turned on the interfaces and assigned IPs.
I am trying to scan for open ports with Nmap, but the ...
2
votes
1
answer
210
views
How to test iptables settings by port scanning? [closed]
I want to test my iptables and prove that it only allows traffic for given Protocol / Port - combinations. How I can use as a target for a port scan?
2
votes
3
answers
8k
views
how to protect from port scanning a windows server 2008
I am search to find a program, or a way to block ips that make port scan on the server.
The goal is to hide some ports like remote desktop on a different port. So some are search the port with port ...
2
votes
3
answers
6k
views
Port scanning and Windows Firewall
I am trying to understand the results I am getting when scanning ports on a machine that has an active built-in Windows Firewall. My test environment has two Windows 7 machines running in Hyper-V VMs ...
2
votes
1
answer
11k
views
What is the fastest way to scan all ports of a single maching using tcp scan
After reading this post here, from security.stackexchange, I was wondering what is the best way to scan all ports of a single maching using tcp scan only.
"nmap -sT -p 1-65535 localhost" is what I ...
2
votes
1
answer
653
views
Service pn-requester (2717) port information
I have not found big information on the internet about what does this service and for what is used.
I apreciate if someone can explain to me a little.
Thank you
2
votes
1
answer
6k
views
Nmap unable to resolve hostnames
I have tried running several nmap commands and I can't get the results to return host names. My results look like this:
Nmap scan report for 10.2.16.253
Host is up (0.0025s latency).
All 1000 scanned ...
2
votes
1
answer
276
views
Are random packets normal?
About a month ago on one of my servers I started receiving random packets from IPs all over the world. So I did the smart thing and stopped putting off installing an IDS. This IDS is a ClearOS Gateway ...
2
votes
0
answers
847
views
Efficient way to prevent UDP port scan
I have a Ubuntu server, there are services public in some ports, include TCP and UDP, and trying to protect it against port scanner (TCP and UDP). The TCP scanner block is done by using "recent" ...
2
votes
2
answers
1k
views
How to prevent port scanning by VPN users on a CentOS VPN gateway
I'm using CentOS as a VPN gateway.
Users connected to my server have access to the internet. The problem is that some of the users' computers are infected with some kind of worm, and as soon as they ...
1
vote
3
answers
62k
views
How can I find out if a port on a remote server is open as well as a service is listening on it?
I want to check if a set of ports are opened or closed on some remote servers. I went through various discussions on the subject and most of the people suggested to use nmap, nc and telnet <server-...
1
vote
2
answers
3k
views
Port Scanning Temporary Block on Linux Centos
I am running a VPS server (Linux CentOS) to provide web hosting for my clients.
Yesterday, one of my clients got blocked out by the LFD firewall on my server:
I got a server admin email notification ...
1
vote
2
answers
5k
views
pfSense and Snort: unexpected portscan traffic on interface
I have a pfSense box acting as my public facing router and stateful firewall.
There is 1 WAN interface and several LAN interfaces using private IPs behind NAT.
I EXPECT to see portscans or all kinds ...
1
vote
1
answer
2k
views
nmap shows strange open ports
Running nmap on my localhost shows me strange open ports:
$ nmap -p- localhost
Starting Nmap 6.47 ( http://nmap.org ) at 2015-12-28 12:14 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0....
1
vote
2
answers
944
views
Linux/Bash: Test if my server is opened to the Internet programmatically/via CLI [closed]
RHEL 6 and Bash. It would be easy if I had a remote server to just run nmap from, or even curl/wget, but I only have access to servers on our side of the firewall.
I know I can manually check ...
1
vote
1
answer
2k
views
How to prevent nmap from fingerprinting HAProxy
In our periodic security scans, our HAProxy instances are always reported as a version disclosure vulnerability. On further inspection, it appears that there are no version banners in any responses ...
1
vote
2
answers
1k
views
Iptables protection against port scanners without DoS vulnerability
Archwiki features an article with suggestions for a stateful iptables firewall. They recommend some rules to trick port scanners, but advise that they open up a vulnerability for DoS attacks. In ...
1
vote
2
answers
2k
views
nmap scan only state of port
Is it possible with nmap to check only the state of a port whether- open, closed or filtered and NOT the services behind it?
The aim is to speed up scan results. Since UDP scan is also involved it is ...
1
vote
1
answer
666
views
Nmap reporting incorrect results from an idle scan
I have a VPS that I was scanning to make sure everything is in check. A regular SYN scan reports that ports 25 and 80 are open (which they should be). When I run an idle scan however, I get back that ...
1
vote
1
answer
1k
views
Scan IP range for SSL/TLS versions and vulnerabilities with legible/greppable output
I'm looking to find computers on the network that are using older versions of tls/ssl.
So far I've been using nmap's ssl-enum-ciphers and ssl-poodle scripts but the output isn't helpful as it shows ...
1
vote
1
answer
2k
views
Suspicious port scanning of spoolsv.exe on Windows server 2003 w/ Print server role
Noticed today on one of the servers, that Event viewer/Security has lots of "Failure audit" messages like this:
The message repeats every second and the port number is increased by one the range of ...
1
vote
0
answers
343
views
nftables : improve anti port scanning rules
I'm looking for ways to confuse port scanners. I do realize it is not that useful, but it is mostly to slow down attackers, and also to avoid ending up on websites like Shodan (or at least make the ...
1
vote
1
answer
2k
views
Scanning a range of ports with Ncat?
I'm aware that Nmap is the obvious choice for this task, however I would still like to know if it's possible to scan a range of ports with Ncat.
I see that I'm able to scan one port, but with a range ...
1
vote
1
answer
104
views
Port 1434 - Company Website hosting blocking us
We have a small network setup on a Windows Domain. We also have a company website that has the same domain name - but is actually not in any way on the domain - it's hosted elsewhere on a cheapo ...
1
vote
2
answers
332
views
Server sending packets every 5 minutes to 3 IPs
Been noticing in our firewall logs that three connections are being constantly established every 5 minutes from our web server and trying to send a packet to destination port 43 (whois port) cycling ...
1
vote
1
answer
1k
views
Snort, Portscans and Scanned IP Range field
According to manual.snort.org, TCP Portscans goes from one computer to other one, but when you take a look to an tcp portscan alert in snort/snorby you can see this:
In one hand:
Source: 136.238.4....
1
vote
1
answer
1k
views
Why does scanlogd miss port scans?
I am running scanlogd to detect port scans. I have observed the following to generate a log message in /var/log/syslog.
When I use zenmap (nmap gui) to port scan this system from another computer on ...
1
vote
1
answer
255
views
Detecting a host doing a port sweep across multiple interfaces/networks
I'm trying to set up a honey-pot like machine that would detect port sweeps from multiple networks with multiple interfaces.
As an illustration, if I could set up a box with eth1, eth2 and eth3.
...
0
votes
1
answer
1k
views
All-day Port scanning "victim" - How worried should I be? (CentOS)
In addition to my day job as a technical support specialist, I operate a shared web hosting environment and run a number of servers for this purpose. I run a LAMP environment.
Beginning at 4am ...
0
votes
1
answer
3k
views
Hide running service such as Nginx from a port scan
When I run a Port Scan to my server through NMap (like this)...
$ nmap -A -p443 example.com
...then I get an output like...
Starting Nmap 7.70 ( https://nmap.org ) at 2018-03-29 00:14 BST
Nmap scan ...
0
votes
1
answer
1k
views
Do an os scan with nmap only
Is it possible to do an OS detection scan with nmap without scanning a port? I really need only OS detection and try to reduce the amount of traffic as much as possible.
By the way what is the most ...
0
votes
1
answer
174
views
Why my port 27015 is scanned by several ISP across the world?
I configured my server to block all ports except 22,80 and 443 with UFW.
I then created a fail2ban rule to put in jail every IP that scan ports unsuccessfully more than 5 times and report it to ...
0
votes
1
answer
208
views
Router reboots when doing port-scanning [closed]
I'm facing a problem similar to Router reboots when using Nmap. To sum up, I'm doing port-scanning and once the rate is high enough the router reboots (just like described in the thread above using ...
0
votes
1
answer
7k
views
iptables rules and port scanners blocking
In order to block port scanners on Linux, i have found some rules on iptables to block attacker IP address.
These rules work correctly and it blocks the attacker, and logs the attacker ip address in ...