Solved

public IP scan  , why ALL tcp port are open ?

Posted on 2007-11-15
3
1,888 Views
Last Modified: 2010-07-27
Dear Experts,
After scanning a public IP, the result shows ALL (from 1->65301) tcp ports open and ALL can be telneted ! what do you thing on this resault ? (see sacn resault bellow)

in the first time I tought that it’s a honeypot or there is a device that respond to all tcp connections, some thing like, after asking a person related to the company  , that has this IP,  he said me that there is only a Cisco firewall (without IDP) in front this IP, but he hasn’t confirm me if it’s a honyepot or not.

Starting Nmap 4.20 ( http://insecure.org ) at 2007-11-12 16:10 Est
Stats: 0:00:15 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 56.07% done; ETC: 16:10 (0:00:12 remaining)
Interesting ports on *.*.*.*
PORT      STATE SERVICE
1/tcp     open  tcpmux
2/tcp     open  compressnet
3/tcp     open  compressnet
4/tcp     open  unknown
5/tcp     open  rje
6/tcp     open  unknown
7/tcp     open  echo
8/tcp     open  unknown
9/tcp     open  discard
10/tcp    open  unknown
11/tcp    open  systat
12/tcp    open  unknown
13/tcp    open  daytime
14/tcp    open  unknown
15/tcp    open  netstat
16/tcp    open  unknown
17/tcp    open  qotd
18/tcp    open  msp
19/tcp    open  chargen
20/tcp    open  ftp-data
21/tcp    open  ftp
22/tcp    open  ssh
23/tcp    open  telnet
24/tcp    open  priv-mail
25/tcp    open  smtp
26/tcp    open  unknown
27/tcp    open  nsw-fe
28/tcp    open  unknown
29/tcp    open  msg-icp
30/tcp    open  unknown
31/tcp    open  msg-auth
32/tcp    open  unknown
33/tcp    open  dsp
34/tcp    open  unknown
35/tcp    open  priv-print
36/tcp    open  unknown
37/tcp    open  time
38/tcp    open  rap
39/tcp    open  rlp
40/tcp    open  unknown
41/tcp    open  graphics
42/tcp    open  nameserver
43/tcp    open  whois
44/tcp    open  mpm-flags
45/tcp    open  mpm
46/tcp    open  mpm-snd
47/tcp    open  ni-ftp
48/tcp    open  auditd
49/tcp    open  tacacs
50/tcp    open  re-mail-ck
51/tcp    open  la-maint
52/tcp    open  xns-time
53/tcp    open  domain
54/tcp    open  xns-ch
55/tcp    open  isi-gl
56/tcp    open  xns-auth
57/tcp    open  priv-term
58/tcp    open  xns-mail
……………….

32774/tcp open  sometimes-rpc11
32775/tcp open  sometimes-rpc13
32776/tcp open  sometimes-rpc15
32777/tcp open  sometimes-rpc17
32778/tcp open  sometimes-rpc19
32779/tcp open  sometimes-rpc21
32780/tcp open  sometimes-rpc23
32786/tcp open  sometimes-rpc25
32787/tcp open  sometimes-rpc27
38037/tcp open  landesk-cba
38292/tcp open  landesk-cba
43188/tcp open  reachout
44334/tcp open  tinyfw
44442/tcp open  coldfusion-auth
44443/tcp open  coldfusion-auth
47557/tcp open  dbbrowse
49400/tcp open  compaqdiag
50000/tcp open  iiimsf
50002/tcp open  iiimsf
54320/tcp open  bo2k
61439/tcp open  netprowler-manager
61440/tcp open  netprowler-manager2
61441/tcp open  netprowler-sensor
65301/tcp open  pcanywhere
Nmap finished: 1 IP address (1 host up) scanned in 27.797 seconds.

Best Regards
0
Comment
Question by:OTAlgerie
3 Comments
 
LVL 4

Accepted Solution

by:
Dozer42 earned 500 total points
Comment Utility
If it's not you're device or someone you know, I'd leave it alone.

It could quite easily be a honeypot, could be the FBI, NSA, or heck, even worse it could be the Music Industry/RIAA/MPAA. ;)

Or it could just be an improperly configured PIX firewall.
0
 
LVL 1

Expert Comment

by:Computer101
Comment Utility
Forced accept.

Computer101
EE Admin
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
Find out what Office 365 Transport Rules are, how they work and their limitations managing Office 365 signatures.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now