unconvinced Posted July 17, 2009 Share Posted July 17, 2009 Hi all, I scanned a friend's i.p. with zenmap (gui version of nmap) and got the following result: Port State Service Reason Product Version Extra info 135 tcp open msrpc syn-ack Microsoft Windows RPC 1034 tcp closed zincite-a reset 1038 tcp closed unknown reset 1058 tcp closed nim reset 1071 tcp closed unknown reset 1072 tcp closed unknown reset 1073 tcp closed unknown reset 1074 tcp closed unknown reset 1141 tcp closed unknown reset 1147 tcp closed unknown reset 1900 tcp closed upnp reset Why did zenmap choose to tell me that those specific ports were closed on this pc, rather than just 'ignoring' closed ports as it does on most scans? Is it likely that these ports have services running on them on occasion but not during my scan, or have these ports been permanently closed? Obviously I was a bit concerned by the mention of 'zincite-a' in case my friend's pc was harboring a backdoor but as I'm very new to this I don't know if those ports are closed by xp's firewall or the AVG free my friend has installed. Any pointers would be appreciated. Thanks. Quote Link to comment Share on other sites More sharing options...
Sparda Posted July 17, 2009 Share Posted July 17, 2009 Add the --open option. This will cause nmap to only output open (or possibly open according to man) ports. Quote Link to comment Share on other sites More sharing options...
unconvinced Posted July 17, 2009 Author Share Posted July 17, 2009 Add the --open option. This will cause nmap to only output open (or possibly open according to man) ports. Thanks for the swift response Sparda. I don't necessarily wish to hide these ports in the scan results but I was puzzled by their explicit appearance for no reason that was obvious. Should I take it that the listing of zincite & nim isn't something to be worried about? Thanks again. Quote Link to comment Share on other sites More sharing options...
i.have.rewt Posted July 17, 2009 Share Posted July 17, 2009 I love it when people say they're doing something to a "friends' [pc/ip/network/router/etc]" It makes posts like these so much more tolerable. Quote Link to comment Share on other sites More sharing options...
Sparda Posted July 18, 2009 Share Posted July 18, 2009 All the ports it listed revived a reset (which means they are closed/filtered) but the reset packet is different in some way from a normal reset packet. Quote Link to comment Share on other sites More sharing options...
unconvinced Posted July 18, 2009 Author Share Posted July 18, 2009 I love it when people say they're doing something to a "friends' [pc/ip/network/router/etc]" It makes posts like these so much more tolerable. <rant> I understand your cynicism and I have no idea what proportion of posts similar to mine are actually genuine; this is one of those possibly rare cases. My concern about zincite etc. was real! If anybody actually gives a fig then I'll happily provide proof that this is indeed the pc of a friend and not one I'm trying to hack. I've scanned the pc's of several friends using the i.p.'s taken from email headers (where possible), purely out of curiosity. My leanings are whitehat not black, which is why I choose this forum. </rant> Sparda, thanks once more for the pointers, I'll see what gaps Google can fill. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.