Skip to main content

Questions tagged [port-scanning]

The tag has no usage guidance.

Filter by
Sorted by
Tagged with
75 votes
12 answers
38k views

Does changing default port number actually increase security? [closed]

I have seen advice saying you should use different port numbers for private applications (e.g. intranet, private database, anything that no outsider will use). I am not entirely convinced that can ...
Sam's user avatar
  • 975
25 votes
1 answer
24k views

Displaying nmap result gradually as results are found

To get nmap results, one has to wait for the end of the scan. How can I force nmap to gradually display the newly found hosts and open ports while it is running?
user123456's user avatar
12 votes
4 answers
45k views

Is there a way to see what is actually filtering TCP port communication?

nmap -p 7000-7020 10.1.1.1 Will output all the filtered ports Starting Nmap 6.40 ( http://nmap.org ) at 2015-03-04 12:18 EET Nmap scan report for 10.1.1.1 Host is up (0.00091s latency). PORT ...
Eduard Florinescu's user avatar
7 votes
9 answers
1k views

Network vulnerability and port scanning services

I'm setting up a periodic port scan and vulnerability scan for a medium-sized network implementing a customer-facing web application. The hosts run CentOS 5.4. I've used tools like Nmap and OpenVAS, ...
DigitalRoss's user avatar
4 votes
2 answers
30k views

What is msrpc needed for on a Windows 7 workstation

I just ran an nmap scan against our network, and many Windows 7 machines have several high ports listening with Microsoft Windows RPC. Example: Port Serv Process name 49152, msrpc [wininit.exe] ...
Jim Balo's user avatar
  • 270
4 votes
1 answer
6k views

NMAP (or other) continuous port scan until it returns open?

Is there a way with nmap or anything else to do a continuous port scan, say on port 22, until the service comes up and the port is coming back as open? Kind of like you may have an infinite ping ...
TryTryAgain's user avatar
  • 1,162
4 votes
3 answers
2k views

IPv6 replacement for scanning IP range

Under IPv4, I often use nmap to scan my entire IP range to identify newly-connected devices and update my documentation, track down and shut off things that don't belong on the network, etc. I even ...
Richard Gadsden's user avatar
4 votes
2 answers
2k views

Server is listening in Port 110 and I can't find any way to disable or block it

I have a Windows 2012 R2 server used as web server, with ports for web (80, 443, and 8080) open for public sites hosted on it. Doing some security checks on it, I found it's listening on port 110 too: ...
Shadow Wizard's user avatar
4 votes
2 answers
1k views

Best way to determine if IPs in a subnet are up or down in Linux

I have a simple method that I am using on four subnets to determine which registered IPs are actually up and active, and which ones can be removed. Initially, I iterate through the list of domain ...
UnworthyToast's user avatar
3 votes
5 answers
14k views

Can't get nmap to work under Windows 7 64 bit

I'm trying to install and run the nmap tool to test my server, but it keeps saying Note: Host seems down. If it is really up, but blocking our ping probes, try -P0 and showing all the server ports ...
jitbit's user avatar
  • 407
3 votes
6 answers
12k views

Detect computer which does port scanning

I have about 15 computers on a local network behind simple TP-LINK TL-WR340G router. Everything works fine and the router does its job. Recently we were informed that port scanning is being performed ...
agsamek's user avatar
  • 321
3 votes
1 answer
4k views

CentOS 7 SNMP port always closed

I have a CentOS 7 server in which I opened up ports for SNMP connections. Even though I can see the ports open here: [matias@Centos_7_VM ~]$ sudo firewall-cmd --list-all [sudo] password for matias: ...
Matias Barrios's user avatar
3 votes
2 answers
3k views

Weird Port scanning results using nmap

I was scanning one of my friends servers using nmap and got these port details. PORT STATE SERVICE 22/tcp open ssh 42/tcp filtered nameserver 80/tcp open http 111/tcp open ...
user994535's user avatar
3 votes
2 answers
123 views

Finding XP boxes on our intranet

We're out on a mission to find and eradicate XP boxes on our intranet. Now we're wondering what the fastest (scan) method might be --XP boxes connected to our active directory have already been ...
Ralf Hildebrandt's user avatar
3 votes
1 answer
3k views

Windows Filtering Platform dropping SQL Server connections

I've been investigating connection issues between my web server (Web01) and a database server (Database01). My current setup: Web01 - two NICs, one external (firewalled), one internal (not firewalled)...
Matthew Abbott's user avatar
3 votes
1 answer
748 views

Scan SSH for offered authentication options

I'd like to scan our network (IPv4 and IPv6) for ssh and find the offered authentication options. Ultimately I'd like to end up with a parseable list[1] of hosts that contains the following info: IP ...
serverhorror's user avatar
  • 6,508
2 votes
4 answers
7k views

Port-scanning on Cisco router with Nmap

I have Cisco 2911 router just booted with factory settings and no ACLs or NAT configured. All I did is turned on the interfaces and assigned IPs. I am trying to scan for open ports with Nmap, but the ...
ScienceSamovar's user avatar
2 votes
1 answer
210 views

How to test iptables settings by port scanning? [closed]

I want to test my iptables and prove that it only allows traffic for given Protocol / Port - combinations. How I can use as a target for a port scan?
vinzBad's user avatar
  • 133
2 votes
3 answers
8k views

how to protect from port scanning a windows server 2008

I am search to find a program, or a way to block ips that make port scan on the server. The goal is to hide some ports like remote desktop on a different port. So some are search the port with port ...
Aristos's user avatar
  • 174
2 votes
3 answers
6k views

Port scanning and Windows Firewall

I am trying to understand the results I am getting when scanning ports on a machine that has an active built-in Windows Firewall. My test environment has two Windows 7 machines running in Hyper-V VMs ...
David's user avatar
  • 21
2 votes
1 answer
11k views

What is the fastest way to scan all ports of a single maching using tcp scan

After reading this post here, from security.stackexchange, I was wondering what is the best way to scan all ports of a single maching using tcp scan only. "nmap -sT -p 1-65535 localhost" is what I ...
Doe Joe's user avatar
  • 21
2 votes
1 answer
653 views

Service pn-requester (2717) port information

I have not found big information on the internet about what does this service and for what is used. I apreciate if someone can explain to me a little. Thank you
Juan Escobar's user avatar
2 votes
1 answer
6k views

Nmap unable to resolve hostnames

I have tried running several nmap commands and I can't get the results to return host names. My results look like this: Nmap scan report for 10.2.16.253 Host is up (0.0025s latency). All 1000 scanned ...
UbuntuNoob's user avatar
2 votes
1 answer
276 views

Are random packets normal?

About a month ago on one of my servers I started receiving random packets from IPs all over the world. So I did the smart thing and stopped putting off installing an IDS. This IDS is a ClearOS Gateway ...
TheLQ's user avatar
  • 1,003
2 votes
0 answers
847 views

Efficient way to prevent UDP port scan

I have a Ubuntu server, there are services public in some ports, include TCP and UDP, and trying to protect it against port scanner (TCP and UDP). The TCP scanner block is done by using "recent" ...
Andiana's user avatar
  • 131
2 votes
2 answers
1k views

How to prevent port scanning by VPN users on a CentOS VPN gateway

I'm using CentOS as a VPN gateway. Users connected to my server have access to the internet. The problem is that some of the users' computers are infected with some kind of worm, and as soon as they ...
Dave's user avatar
  • 21
1 vote
3 answers
62k views

How can I find out if a port on a remote server is open as well as a service is listening on it?

I want to check if a set of ports are opened or closed on some remote servers. I went through various discussions on the subject and most of the people suggested to use nmap, nc and telnet <server-...
user2436428's user avatar
1 vote
2 answers
3k views

Port Scanning Temporary Block on Linux Centos

I am running a VPS server (Linux CentOS) to provide web hosting for my clients. Yesterday, one of my clients got blocked out by the LFD firewall on my server: I got a server admin email notification ...
Marc Audet's user avatar
1 vote
2 answers
5k views

pfSense and Snort: unexpected portscan traffic on interface

I have a pfSense box acting as my public facing router and stateful firewall. There is 1 WAN interface and several LAN interfaces using private IPs behind NAT. I EXPECT to see portscans or all kinds ...
user145837's user avatar
1 vote
1 answer
2k views

nmap shows strange open ports

Running nmap on my localhost shows me strange open ports: $ nmap -p- localhost Starting Nmap 6.47 ( http://nmap.org ) at 2015-12-28 12:14 CET Nmap scan report for localhost (127.0.0.1) Host is up (0....
lumbric's user avatar
  • 244
1 vote
2 answers
944 views

Linux/Bash: Test if my server is opened to the Internet programmatically/via CLI [closed]

RHEL 6 and Bash. It would be easy if I had a remote server to just run nmap from, or even curl/wget, but I only have access to servers on our side of the firewall. I know I can manually check ...
usedTobeaMember's user avatar
1 vote
1 answer
2k views

How to prevent nmap from fingerprinting HAProxy

In our periodic security scans, our HAProxy instances are always reported as a version disclosure vulnerability. On further inspection, it appears that there are no version banners in any responses ...
Bas Peters's user avatar
1 vote
2 answers
1k views

Iptables protection against port scanners without DoS vulnerability

Archwiki features an article with suggestions for a stateful iptables firewall. They recommend some rules to trick port scanners, but advise that they open up a vulnerability for DoS attacks. In ...
andresgongora's user avatar
1 vote
2 answers
2k views

nmap scan only state of port

Is it possible with nmap to check only the state of a port whether- open, closed or filtered and NOT the services behind it? The aim is to speed up scan results. Since UDP scan is also involved it is ...
user492160's user avatar
1 vote
1 answer
666 views

Nmap reporting incorrect results from an idle scan

I have a VPS that I was scanning to make sure everything is in check. A regular SYN scan reports that ports 25 and 80 are open (which they should be). When I run an idle scan however, I get back that ...
Aaron's user avatar
  • 742
1 vote
1 answer
1k views

Scan IP range for SSL/TLS versions and vulnerabilities with legible/greppable output

I'm looking to find computers on the network that are using older versions of tls/ssl. So far I've been using nmap's ssl-enum-ciphers and ssl-poodle scripts but the output isn't helpful as it shows ...
rambetherleu's user avatar
1 vote
1 answer
2k views

Suspicious port scanning of spoolsv.exe on Windows server 2003 w/ Print server role

Noticed today on one of the servers, that Event viewer/Security has lots of "Failure audit" messages like this: The message repeats every second and the port number is increased by one the range of ...
Volodymyr Molodets's user avatar
1 vote
0 answers
343 views

nftables : improve anti port scanning rules

I'm looking for ways to confuse port scanners. I do realize it is not that useful, but it is mostly to slow down attackers, and also to avoid ending up on websites like Shodan (or at least make the ...
ShellCode's user avatar
  • 121
1 vote
1 answer
2k views

Scanning a range of ports with Ncat?

I'm aware that Nmap is the obvious choice for this task, however I would still like to know if it's possible to scan a range of ports with Ncat. I see that I'm able to scan one port, but with a range ...
Ed Shway's user avatar
  • 111
1 vote
1 answer
104 views

Port 1434 - Company Website hosting blocking us

We have a small network setup on a Windows Domain. We also have a company website that has the same domain name - but is actually not in any way on the domain - it's hosted elsewhere on a cheapo ...
Chris Nevill's user avatar
1 vote
2 answers
332 views

Server sending packets every 5 minutes to 3 IPs

Been noticing in our firewall logs that three connections are being constantly established every 5 minutes from our web server and trying to send a packet to destination port 43 (whois port) cycling ...
Anthony Miller's user avatar
1 vote
1 answer
1k views

Snort, Portscans and Scanned IP Range field

According to manual.snort.org, TCP Portscans goes from one computer to other one, but when you take a look to an tcp portscan alert in snort/snorby you can see this: In one hand: Source: 136.238.4....
Txalin's user avatar
  • 13
1 vote
1 answer
1k views

Why does scanlogd miss port scans?

I am running scanlogd to detect port scans. I have observed the following to generate a log message in /var/log/syslog. When I use zenmap (nmap gui) to port scan this system from another computer on ...
Lord Loh.'s user avatar
  • 1,079
1 vote
1 answer
255 views

Detecting a host doing a port sweep across multiple interfaces/networks

I'm trying to set up a honey-pot like machine that would detect port sweeps from multiple networks with multiple interfaces. As an illustration, if I could set up a box with eth1, eth2 and eth3. ...
cawt's user avatar
  • 11
0 votes
1 answer
1k views

All-day Port scanning "victim" - How worried should I be? (CentOS)

In addition to my day job as a technical support specialist, I operate a shared web hosting environment and run a number of servers for this purpose. I run a LAMP environment. Beginning at 4am ...
David W's user avatar
  • 3,469
0 votes
1 answer
3k views

Hide running service such as Nginx from a port scan

When I run a Port Scan to my server through NMap (like this)... $ nmap -A -p443 example.com ...then I get an output like... Starting Nmap 7.70 ( https://nmap.org ) at 2018-03-29 00:14 BST Nmap scan ...
David Garcia's user avatar
0 votes
1 answer
1k views

Do an os scan with nmap only

Is it possible to do an OS detection scan with nmap without scanning a port? I really need only OS detection and try to reduce the amount of traffic as much as possible. By the way what is the most ...
Laoneo's user avatar
  • 274
0 votes
1 answer
174 views

Why my port 27015 is scanned by several ISP across the world?

I configured my server to block all ports except 22,80 and 443 with UFW. I then created a fail2ban rule to put in jail every IP that scan ports unsuccessfully more than 5 times and report it to ...
Climbatize's user avatar
0 votes
1 answer
208 views

Router reboots when doing port-scanning [closed]

I'm facing a problem similar to Router reboots when using Nmap. To sum up, I'm doing port-scanning and once the rate is high enough the router reboots (just like described in the thread above using ...
ezegoing's user avatar
  • 103
0 votes
1 answer
7k views

iptables rules and port scanners blocking

In order to block port scanners on Linux, i have found some rules on iptables to block attacker IP address. These rules work correctly and it blocks the attacker, and logs the attacker ip address in ...
Zareh Kasparian's user avatar