Different scan results with Nmap


My friend and I have access to a private environment and we use Nmap to analyze a domain and a www.

I get the following result:

======================================================================
                          INCORRECT SCANNING
======================================================================

nmap -sS -v www.site.com.br

Starting Nmap 7.31 ( https://nmap.org ) at 2017-01-02 13:45 EST
Initiating Ping Scan at 13:45
Scanning www.site.com.br (173.x.x.20) [4 ports]
Completed Ping Scan at 13:45, 0.20s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 13:45
Completed Parallel DNS resolution of 1 host. at 13:45, 0.45s elapsed
Initiating SYN Stealth Scan at 13:45
Scanning www.site.com.br (173.x.x.20) [1000 ports]
Discovered open port 22/tcp on 173.x.x.20
Discovered open port 53/tcp on 173.x.x.20
Discovered open port 21/tcp on 173.x.x.20
Discovered open port 554/tcp on 173.x.x.20
Discovered open port 111/tcp on 173.x.x.20
Discovered open port 80/tcp on 173.x.x.20
Discovered open port 7070/tcp on 173.x.x.20
Completed SYN Stealth Scan at 13:45, 6.73s elapsed (1000 total ports)
Nmap scan report for www.site.com.br (173.x.x.20)
Host is up (0.17s latency).
rDNS record for 173.x.x.20: 14.5d.2d.static.xlhost.com
Not shown: 990 closed ports
PORT     STATE    SERVICE
19/tcp   filtered chargen
21/tcp   open     ftp
22/tcp   open     ssh
25/tcp   filtered smtp
53/tcp   open     domain
80/tcp   open     http
111/tcp  open     rpcbind
554/tcp  open     rtsp
5555/tcp filtered freeciv
7070/tcp open     realserver

Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 7.72 seconds
Raw packets sent: 1034 (45.472KB) | Rcvd: 1022 (40.896KB)

But my friend gets this:

======================================================================
                          CORRECT SCANNING
======================================================================

nmap -sS -v www.site.com.br

Starting Nmap 7.31 ( https://nmap.org ) at 2017-01-02 15:26 BRT
Initiating Ping Scan at 15:26
Scanning www.site.com.br (173.x.x.20) [4 ports]
Completed Ping Scan at 15:26, 0.21s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 15:26
Completed Parallel DNS resolution of 1 host. at 15:26, 0.01s elapsed
Initiating SYN Stealth Scan at 15:26
Scanning www.site.com.br (173.x.x.20) [1000 ports]
Discovered open port 80/tcp on 173.x.x.20
Discovered open port 111/tcp on 173.x.x.20
Discovered open port 22/tcp on 173.x.x.20
Discovered open port 21/tcp on 173.x.x.20
Discovered open port 53/tcp on 173.x.x.20
Completed SYN Stealth Scan at 15:26, 6.58s elapsed (1000 total ports)
Nmap scan report for www.site.com.br (173.x.x.20)
Host is up (0.17s latency).
rDNS record for 173.x.x.20: 14.x.x.x.x.com
Not shown: 991 closed ports
PORT     STATE    SERVICE
21/tcp   open     ftp
22/tcp   open     ssh
25/tcp   filtered smtp
53/tcp   open     domain
80/tcp   open     http
111/tcp  open     rpcbind
139/tcp  filtered netbios-ssn
445/tcp  filtered microsoft-ds
2301/tcp filtered compaqdiag

My results don't make sense, and his are correct. Why do we get different results and how can I fix it?

posted by MHenrique12 03.01.2017 - 20:05

2 answers


Let's focus only on the relevant data: ports 554 and 7070 show up open in the scan.

There is a difference of 1h and 19 minutes (13:45 EST = 16:45 BRT) between the scans, so perhaps when you scanned the target it had a RealServer running (ports 554 and 7070), and when your friend scanned it, the RealServer was no longer running.

answered 03.01.2017 - 20:38

Probably country-based firewall rules. I checked this rDNS record for 173.x.x.20: 14.5d.2d.static.xlhost.com and from my country they have only these ports open:

21/tcp  open     ftp
22/tcp  open     ssh
53/tcp  open     domain
80/tcp  open     http
111/tcp open     rpcbind
answered 03.01.2017 - 21:19
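Both answers compare the two port tables by eye. As an added example (not code from the question or the answers), the Python below parses the port table of two nmap normal-output runs, uses each run's "Not shown" line as the state of the ports nmap omitted, and lists every port whose state differs, so a service that only appears in one scan (like 554 and 7070 here) is reported as open versus closed rather than silently skipped. The inputs are the two tables posted in the question.

```python
import re
# Port tables from the two scans in the question (nmap normal output excerpts).
SCAN_MINE = """\
Not shown: 990 closed ports
19/tcp   filtered chargen
21/tcp   open     ftp
22/tcp   open     ssh
25/tcp   filtered smtp
53/tcp   open     domain
80/tcp   open     http
111/tcp  open     rpcbind
554/tcp  open     rtsp
5555/tcp filtered freeciv
7070/tcp open     realserver
"""
SCAN_FRIEND = """\
Not shown: 991 closed ports
21/tcp   open     ftp
22/tcp   open     ssh
25/tcp   filtered smtp
53/tcp   open     domain
80/tcp   open     http
111/tcp  open     rpcbind
139/tcp  filtered netbios-ssn
445/tcp  filtered microsoft-ds
2301/tcp filtered compaqdiag
"""

PORT_LINE = re.compile(r"^(\d+/(?:tcp|udp))\s+(\S+)\s+\S+")
NOT_SHOWN = re.compile(r"^Not shown: \d+ (\S+) ports")

def parse_ports(text):
    """Return ({'21/tcp': 'open', ...}, state nmap assigned to the ports it omitted)."""
    ports, default = {}, "closed"  # nmap hides closed ports by default
    for line in text.splitlines():
        if m := NOT_SHOWN.match(line):
            default = m.group(1)
        elif m := PORT_LINE.match(line):
            ports[m.group(1)] = m.group(2)
    return ports, default

def diff_scans(first, second):
    """Map port -> (state in first, state in second) for every port whose state differs."""
    (a, da), (b, db) = parse_ports(first), parse_ports(second)
    changed = {}
    for port in sorted(set(a) | set(b), key=lambda p: int(p.split("/")[0])):
        sa, sb = a.get(port, da), b.get(port, db)  # unlisted port -> that scan's default
        if sa != sb:
            changed[port] = (sa, sb)
    return changed
```

Running it on scans taken from two networks or at two times makes the "open at 13:45, closed at 15:26" pattern in the first answer, or the per-country filtering in the second, explicit instead of something spotted by eye.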
