Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1935
  • Last Modified:

public IP scan , why ALL tcp port are open ?

Dear Experts,
After scanning a public IP, the result shows ALL (from 1->65301) tcp ports open and ALL can be telneted ! what do you thing on this resault ? (see sacn resault bellow)

in the first time I tought that it’s a honeypot or there is a device that respond to all tcp connections, some thing like, after asking a person related to the company  , that has this IP,  he said me that there is only a Cisco firewall (without IDP) in front this IP, but he hasn’t confirm me if it’s a honyepot or not.

Starting Nmap 4.20 ( http://insecure.org ) at 2007-11-12 16:10 Est
Stats: 0:00:15 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 56.07% done; ETC: 16:10 (0:00:12 remaining)
Interesting ports on *.*.*.*
PORT      STATE SERVICE
1/tcp     open  tcpmux
2/tcp     open  compressnet
3/tcp     open  compressnet
4/tcp     open  unknown
5/tcp     open  rje
6/tcp     open  unknown
7/tcp     open  echo
8/tcp     open  unknown
9/tcp     open  discard
10/tcp    open  unknown
11/tcp    open  systat
12/tcp    open  unknown
13/tcp    open  daytime
14/tcp    open  unknown
15/tcp    open  netstat
16/tcp    open  unknown
17/tcp    open  qotd
18/tcp    open  msp
19/tcp    open  chargen
20/tcp    open  ftp-data
21/tcp    open  ftp
22/tcp    open  ssh
23/tcp    open  telnet
24/tcp    open  priv-mail
25/tcp    open  smtp
26/tcp    open  unknown
27/tcp    open  nsw-fe
28/tcp    open  unknown
29/tcp    open  msg-icp
30/tcp    open  unknown
31/tcp    open  msg-auth
32/tcp    open  unknown
33/tcp    open  dsp
34/tcp    open  unknown
35/tcp    open  priv-print
36/tcp    open  unknown
37/tcp    open  time
38/tcp    open  rap
39/tcp    open  rlp
40/tcp    open  unknown
41/tcp    open  graphics
42/tcp    open  nameserver
43/tcp    open  whois
44/tcp    open  mpm-flags
45/tcp    open  mpm
46/tcp    open  mpm-snd
47/tcp    open  ni-ftp
48/tcp    open  auditd
49/tcp    open  tacacs
50/tcp    open  re-mail-ck
51/tcp    open  la-maint
52/tcp    open  xns-time
53/tcp    open  domain
54/tcp    open  xns-ch
55/tcp    open  isi-gl
56/tcp    open  xns-auth
57/tcp    open  priv-term
58/tcp    open  xns-mail
……………….

32774/tcp open  sometimes-rpc11
32775/tcp open  sometimes-rpc13
32776/tcp open  sometimes-rpc15
32777/tcp open  sometimes-rpc17
32778/tcp open  sometimes-rpc19
32779/tcp open  sometimes-rpc21
32780/tcp open  sometimes-rpc23
32786/tcp open  sometimes-rpc25
32787/tcp open  sometimes-rpc27
38037/tcp open  landesk-cba
38292/tcp open  landesk-cba
43188/tcp open  reachout
44334/tcp open  tinyfw
44442/tcp open  coldfusion-auth
44443/tcp open  coldfusion-auth
47557/tcp open  dbbrowse
49400/tcp open  compaqdiag
50000/tcp open  iiimsf
50002/tcp open  iiimsf
54320/tcp open  bo2k
61439/tcp open  netprowler-manager
61440/tcp open  netprowler-manager2
61441/tcp open  netprowler-sensor
65301/tcp open  pcanywhere
Nmap finished: 1 IP address (1 host up) scanned in 27.797 seconds.

Best Regards
0
OTAlgerie
Asked:
OTAlgerie
1 Solution
 
Dozer42Commented:
If it's not you're device or someone you know, I'd leave it alone.

It could quite easily be a honeypot, could be the FBI, NSA, or heck, even worse it could be the Music Industry/RIAA/MPAA. ;)

Or it could just be an improperly configured PIX firewall.
0
 
Computer101Commented:
Forced accept.

Computer101
EE Admin
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now