sketch242 ([personal profile] sketch242) wrote in [personal profile] mjg59 2017-05-02 03:34 pm (UTC)

Re: Is a port scan good enough?

I tried this and the only hosts on my network with port 623 open were servers with IPMI which also use this port for virtual media. All of the other TCP ports in the list were closed. However, then I tried the same scan with UDP, and found many desktops listen on some or all of these ports.
# nmap -sU -p16992,16993,16994,16995,623,664 10.10.20.210

Starting Nmap 6.40 ( http://nmap.org ) at 2017-05-02 10:34 CDT
Nmap scan report for test (10.10.20.210)
Host is up (0.00019s latency).
PORT      STATE         SERVICE
623/udp   open|filtered asf-rmcp
664/udp   open|filtered secure-aux-bus
16992/udp open|filtered unknown
16993/udp open|filtered unknown
16994/udp open|filtered unknown
16995/udp open|filtered unknown
MAC Address: A0:D3:C1:20:9F:11 (Unknown)

Nmap done: 1 IP address (1 host up) scanned in 1.28 seconds

I am not sure what open|filtered means, but I am able to establish a connection to them with nc -u. That doesn't happen on ports that show up in state closed.

(51 comments)

Post a comment in response:

If you don't have an account you can create one now.
HTML doesn't work in the subject.
More info about formatting

If you are unable to use this captcha for any reason, please contact us by email at support@dreamwidth.org

 
Notice: This account is set to log the IP addresses of everyone who comments.
Links will be displayed as unclickable URLs to help prevent spam.