> Excuse your arrogance, but let me correct you in some points you made! > > First of all nmap does not scan only the services listed in /etc/services, if > you were to have bothered reading the manual before answering you would have > read, and I quote:
If you had actually read what I'd written, you'd see I didn't mention anywhere that nmap only scans ports listed in /etc/services. I said that nmap only scans ports mentioned in ITS OWN services file, which I assumed most people would be intelligent enough to realize was the nmap- services file (as documented in the manpage, if anyone would bother to read it). You're right that I neglected to mention that it also scans anything from 1 to 1024 even if it's not listed in the services file, though. > You could have spared the TCP/UDP diff lecture since the question wasn't > directed to that... The question was EXACTLY directed to that. The gentleman was asking why every UDP port scanned was being listed as "open." I explained the reason for it; the firewall was dropping the UDP packets, and the way portscans work with UDP is central to that. I fail to see the lack of relevance. > jc: If you own the box and *don't* have any reason to assume/think you've > been compromised (Just checking) you can check locally using nice tools like: > netstat -an --ip <for both udp and tcp> or netstat -an --udp[--tcp] for > either one. > lsof -i -n > nmap localhost -p 1-[HigherPortNumber] > fuser > and the list goes on =) -- Craig McPherson Information Technology Coordinator Baptist Collegiate Ministry
