Jump to content

NMAP Wildcard Scan results weird result


Popshot
 Share

Recommended Posts

Hello everyone,

I just tried a nmap Scan with a x.x.x.* at the end to perfom a scan. The Result was more then 100 Hosts which seem to be up even some with a bitcoin service and the relating port open.

So my question is what does this mean?

Kind Regards,

Pop

Link to comment
Share on other sites

It means something responded to probes on those IPs. Without any more information that is about the best anyone can say.

If you want a better answer you'll need to tell us things like:

Is it an internal or external scan

Are the hosts you scanned up or down - do you know for sure

Are the services really running on those machines - if they are ones you own then you can check them from the machine themselves

Link to comment
Share on other sites

If you want to know what things are, turn all the devices off then scan again, slowly turn things on again and you'll see what things are what.

Once you've identified everything you can then work out what the open ports are.

Link to comment
Share on other sites

Is this a home network? If so, thats a lot of machines, unless this were a business or one of you has some virtual machines bridged directly to the network. I gather there would be many more for a business, but if only you and 2 others use the network, you might want to inventory all of your physical equipment and their MAC addresses, then do another nmap scan to match known machines. A ping sweep and arp -a display will get you all the IP to mac addresses as well. You might find more there with an arp scan, than show on a normal nmap scan alone if they ignored the scan, depending on what you scanned with and what replies to ARP.

Would also say, if you use wifi, make sure all of the routers in use are locked down, and no one has bridged their wireless network to piggyback off of yours. If you find that most of these machines are NOT yours, that would be troubling. If only wired, then I'd say dig some more after matching all physical nodes to corresponding hardware ID's and IP addresses and then track down the other machines or blacklist their MAC addresses on the network till someone complains their machine is down.

 

Just another thought, if you can't find the machines, check who has what iOT devices on the network, such as security cameras, thermostats, etc. Don't want to become part of the iOT botnet thats taking down half the internets....lol

 

Edited by digip
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...