...it came to my attention when helping a friend out with a computer problem that her firewall is down or not working properly. Her computer is connected directly to the cable modem, sans a NAT router, so just for kicks, I portscanned her ip address and came back with this:
C:\Users\Karl>nmap -sV -O -P0 xxx.xxx.xxx.30
Starting Nmap 5.51 ( http://nmap.org ) at 2013-01-30 17:24 Eastern Standard Time
Nmap scan report for d-xxx-xxx-xxx-30.cpe.metrocast.net (xxx.xxx.xxx.30) Host is up (0.084s latency). Not shown: 990 filtered ports PORT STATE SERVICE VERSION 554/tcp open rtsp? 2869/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP) 5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP) 6646/tcp open unknown 10243/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP) 49152/tcp open msrpc Microsoft Windows RPC 49153/tcp open msrpc Microsoft Windows RPC 49154/tcp open msrpc Microsoft Windows RPC 49156/tcp open msrpc Microsoft Windows RPC 49157/tcp open msrpc Microsoft Windows RPC Warning: OSScan results may be unreliable because we could not find at least 1 o pen and 1 closed port Device type: general purpose Running: Microsoft Windows 7 OS details: Microsoft Windows 7 Service Info: OS: Windows
OS and Service detection performed. Please report any incorrect results at http: //nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 124.90 seconds
I've done my share of port scanning on both WAN's and LAN's, and there is something just not right here. She's using McAfee for a firewall and I'm trying to tell her those settings are just not right. That, and she's having a some hardware issue that has me wondering if she's been hit with a rootkit. But that's another story.
Any thoughts or input? Thanks.
