Jump to content

nmap scan and iPhone


aryakangler

Recommended Posts

Can anyone explain why there would be such a difference when both iPhones are running iOS10? One is a 6, other 6s, but each running 10.0.2

iPhone 6

668/tcp   filtered mecomm
1045/tcp  filtered fpitp
1087/tcp  filtered cplscrambler-in
1687/tcp  filtered nsjtp-ctrl
1900/tcp  filtered upnp
3261/tcp  filtered winshadow
3998/tcp  filtered dnx
4550/tcp  filtered gds-adppiw-db
5221/tcp  filtered 3exmp
5633/tcp  filtered beorl
8292/tcp  filtered blp3
9999/tcp  filtered abyss
10566/tcp filtered unknown
18101/tcp filtered unknown
19101/tcp filtered unknown
62078/tcp open     tcpwrapped
64623/tcp filtered unknown

iPhone 6s

62078/tcp open  tcpwrapped
Edited by aryakangler
Link to comment
Share on other sites

filtered is more than likely closed ports. Try using your nmap command with "--open" for only open ports. 

Edited by digip
Link to comment
Share on other sites

They do not have the same apps.

Thank you for the replies. I don't know much about nmap, but have run numerous scans and this was the first time i've ran into an iPhone with all these "filtered" ports. A little googling of the ports didn't provide me with any reliable information, so I was a bit alarmed.

Link to comment
Share on other sites

Have you scanned with -sS, -sU, -sA and -sT?

Try -P0 (zero) to stop PINGing the phone first.

Also, try slowing your scan (use T0, T1 or T2 instead of 4).

You can also try using --max-rate and --data-length.

A combination of some or all of the above may yield more port results, it may not. Give it a try :) Note that the scans will likely take much longer.

Link to comment
Share on other sites

I'm sorry to be blunt here but you are chasing ghosts.  There is nothing there.  You have two iPhones, both with the same port open "62078".  Thats it.  One of your iPhones has some additional firewall or IDS system which is blocking Nmap from probing some of the ports in its default range so therefore the result is "filtered"

Read this for additional understanding.  https://nmap.org/book/man.html

Link to comment
Share on other sites

16 hours ago, pentestgeek said:

One of your iPhones has some additional firewall or IDS system which is blocking Nmap from probing some of the ports in its default range so therefore the result is "filtered"

Granted, however a scan simply using 'nmap -T4 -A -v' would not necessarily yield all available open ports. Using the options in my post above, I'll oftentimes come across ports that were previously filtered suddenly show as open, simply because they get locked-down during an obvious scan. Which -T4 with no other filters would be.

Link to comment
Share on other sites

Thanks for the info. I will try more scans with the filters mentioned and compare results.

For the record, this is not a pentest. I am a serial tinkerer. Anytime I am with friends/family and I know everyone has a device connected to the local network I am running various scans out of curiosity. Again, it sparked an interest when this iPhone responded to the scan in this way. While the phones have different apps, I can not think of either that would have extra "firewall or IDS" installed. Different settings in the settings menu i'm sure, but other than that, the apps are nothing special.

My main concern is nefarious activity. To that degree, none of these filtered ports could be related to any type of backdoor or malware on the device right?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...