Solved

public IP scan  , why ALL tcp port are open ?

Posted on 2007-11-15
3
1,909 Views
Last Modified: 2010-07-27
Dear Experts,
After scanning a public IP, the result shows ALL (from 1->65301) tcp ports open and ALL can be telneted ! what do you thing on this resault ? (see sacn resault bellow)

in the first time I tought that it’s a honeypot or there is a device that respond to all tcp connections, some thing like, after asking a person related to the company  , that has this IP,  he said me that there is only a Cisco firewall (without IDP) in front this IP, but he hasn’t confirm me if it’s a honyepot or not.

Starting Nmap 4.20 ( http://insecure.org ) at 2007-11-12 16:10 Est
Stats: 0:00:15 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 56.07% done; ETC: 16:10 (0:00:12 remaining)
Interesting ports on *.*.*.*
PORT      STATE SERVICE
1/tcp     open  tcpmux
2/tcp     open  compressnet
3/tcp     open  compressnet
4/tcp     open  unknown
5/tcp     open  rje
6/tcp     open  unknown
7/tcp     open  echo
8/tcp     open  unknown
9/tcp     open  discard
10/tcp    open  unknown
11/tcp    open  systat
12/tcp    open  unknown
13/tcp    open  daytime
14/tcp    open  unknown
15/tcp    open  netstat
16/tcp    open  unknown
17/tcp    open  qotd
18/tcp    open  msp
19/tcp    open  chargen
20/tcp    open  ftp-data
21/tcp    open  ftp
22/tcp    open  ssh
23/tcp    open  telnet
24/tcp    open  priv-mail
25/tcp    open  smtp
26/tcp    open  unknown
27/tcp    open  nsw-fe
28/tcp    open  unknown
29/tcp    open  msg-icp
30/tcp    open  unknown
31/tcp    open  msg-auth
32/tcp    open  unknown
33/tcp    open  dsp
34/tcp    open  unknown
35/tcp    open  priv-print
36/tcp    open  unknown
37/tcp    open  time
38/tcp    open  rap
39/tcp    open  rlp
40/tcp    open  unknown
41/tcp    open  graphics
42/tcp    open  nameserver
43/tcp    open  whois
44/tcp    open  mpm-flags
45/tcp    open  mpm
46/tcp    open  mpm-snd
47/tcp    open  ni-ftp
48/tcp    open  auditd
49/tcp    open  tacacs
50/tcp    open  re-mail-ck
51/tcp    open  la-maint
52/tcp    open  xns-time
53/tcp    open  domain
54/tcp    open  xns-ch
55/tcp    open  isi-gl
56/tcp    open  xns-auth
57/tcp    open  priv-term
58/tcp    open  xns-mail
……………….

32774/tcp open  sometimes-rpc11
32775/tcp open  sometimes-rpc13
32776/tcp open  sometimes-rpc15
32777/tcp open  sometimes-rpc17
32778/tcp open  sometimes-rpc19
32779/tcp open  sometimes-rpc21
32780/tcp open  sometimes-rpc23
32786/tcp open  sometimes-rpc25
32787/tcp open  sometimes-rpc27
38037/tcp open  landesk-cba
38292/tcp open  landesk-cba
43188/tcp open  reachout
44334/tcp open  tinyfw
44442/tcp open  coldfusion-auth
44443/tcp open  coldfusion-auth
47557/tcp open  dbbrowse
49400/tcp open  compaqdiag
50000/tcp open  iiimsf
50002/tcp open  iiimsf
54320/tcp open  bo2k
61439/tcp open  netprowler-manager
61440/tcp open  netprowler-manager2
61441/tcp open  netprowler-sensor
65301/tcp open  pcanywhere
Nmap finished: 1 IP address (1 host up) scanned in 27.797 seconds.

Best Regards
0
Comment
Question by:OTAlgerie
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 4

Accepted Solution

by:
Dozer42 earned 500 total points
ID: 20288123
If it's not you're device or someone you know, I'd leave it alone.

It could quite easily be a honeypot, could be the FBI, NSA, or heck, even worse it could be the Music Industry/RIAA/MPAA. ;)

Or it could just be an improperly configured PIX firewall.
0
 
LVL 1

Expert Comment

by:Computer101
ID: 20526461
Forced accept.

Computer101
EE Admin
0

Featured Post

Create Professional Looking Email Signatures

Create "Professional HTML Email Signatures" with ease.
7 Day Money Back Guarantee if not 100% Satisfied.
Affordable - Try it out for 7 Days Totally Risk Free.
Installers provided for over 45 Email clients.
Both Windows & MAC Supported.
Highly Recommended!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
802.1X auth setup and configuration 3 88
TLS 1.0 & Windows 7 - How to disable? 16 238
exchange 2010 Dag failed 3 67
protecting from the ransomware going around 9 75
Ransomware is a malware that is again in the list of security  concerns. Not only for companies, but also for Government security and  even at personal use. IT departments should be aware and have the right  knowledge to how to fight it.
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question