
2011-06-30

nmap examples

Run it from another PC on the local network.
Run it from the host itself.
Run it for tcp and for udp separately.

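This lets you confirm things such as whether only one of tcp or udp is open.
The rpc.statd --outgoing-port 32766 does not seem to need to be opened (when the OUTPUT chain passes everything through).
For the NFS-related services, one tcp port and two udp ports could not be pinned to fixed numbers.
It works, but at some point it might become extremely slow, or it might look as if it is working while something is actually wrong.
The process name for the tcp one is unknown, so it may be a kernel setting, as with lockd.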

Addendum: alternatively, it may be fine as long as the protocols and ports listed by rpcinfo -p are open.

In this example the number of ports examined is large, so running it against a global IP address may cause problems.

Check the tcp ports from the outside.
$ nmap -Pn -A -T5 -sT -p1- 192.168.0.200 > nmap-tcp-192.168.0.200.txt 2>&1 &
$ cat nmap-tcp-192.168.0.200.txt

Starting Nmap 5.51 ( http://nmap.org ) at 2011-06-28 11:39 JST
Nmap scan report for cogentoo-1.localnet (192.168.0.200)
Host is up (0.0067s latency).
Not shown: 65518 filtered ports
PORT      STATE  SERVICE     VERSION
22/tcp    open   ssh         OpenSSH 5.8p1-hpn13v10 (protocol 2.0)
53/tcp    closed domain
111/tcp   open   rpcbind
123/tcp   closed ntp
137/tcp   closed netbios-ns
138/tcp   closed netbios-dgm
139/tcp   open   netbios-ssn Samba smbd 3.X (workgroup: MSHOME)
445/tcp   open   netbios-ssn Samba smbd 3.X (workgroup: MSHOME)
873/tcp   closed rsync
2049/tcp  open   rpcbind
2401/tcp  closed cvspserver
3690/tcp  closed svn
4949/tcp  open   munin       Munin
32765/tcp open   rpcbind
32766/tcp closed unknown
32767/tcp open   rpcbind
32768/tcp open   rpcbind

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 106.18 seconds

Check the udp ports from the outside.
$ sudo nmap --host-timeout 1165535s -A -T5 -sU -p1- 192.168.0.200 > nmap-udp-192.168.0.200.txt 2>&1 &
$ cat nmap-udp-192.168.0.200.txt

Starting Nmap 5.51 ( http://nmap.org ) at 2011-06-28 11:38 JST
Warning: 192.168.0.200 giving up on port because retransmission cap hit (2).
Umm -- RPC returned success for bogus version -- thats OK I guess
Umm -- RPC returned success for bogus version -- thats OK I guess
Nmap scan report for cogentoo-1.localnet (192.168.0.200)
Host is up (0.00098s latency).
Not shown: 65306 filtered ports, 214 open|filtered ports
PORT      STATE  SERVICE      VERSION
53/udp    closed domain
111/udp   open   rpcbind
123/udp   open   ntp          NTP v4
137/udp   open   netbios-ns   Microsoft Windows XP netbios-ssn
139/udp   closed netbios-ssn
445/udp   closed microsoft-ds
873/udp   closed rsync
2049/udp  open   rpcbind      0 (rpc #100000)
2401/udp  closed cvspserver
3690/udp  closed unknown
4949/udp  closed unknown
32765/udp open   rpcbind
32766/udp closed unknown
32767/udp open   rpcbind
32768/udp open   rpcbind      0 (rpc #100000)
MAC Address: 00:FF:8A:7E:AF:01 (Unknown)
Too many fingerprints match this host to give specific OS details
Network Distance: 1 hop
Service Info: OS: Windows

TRACEROUTE
HOP RTT     ADDRESS
1   0.98 ms cogentoo-1.localnet (192.168.0.200)

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 72493.69 seconds

Check the tcp ports from the inside.
$ nmap -A -T5 -sT -p1- 127.0.0.1 > nmap-tcp-127.0.0.1.txt 2>&1 &
$ cat nmap-tcp-127.0.0.1.txt

Starting Nmap 5.51 ( http://nmap.org ) at 2011-06-28 11:39 JST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.024s latency).
Not shown: 65520 closed ports
PORT      STATE SERVICE     VERSION
22/tcp    open  ssh         OpenSSH 5.8p1-hpn13v10 (protocol 2.0)
25/tcp    open  smtp        Postfix smtpd
80/tcp    open  http        nginx
111/tcp   open  rpcbind     2-4 (rpc #100000)
139/tcp   open  netbios-ssn Samba smbd 3.X (workgroup: MSHOME)
443/tcp   open  ssl/http    Apache httpd
445/tcp   open  netbios-ssn Samba smbd 3.X (workgroup: MSHOME)
901/tcp   open  http        Samba SWAT administration server
2049/tcp  open  nfs         2-4 (rpc #100003)
4949/tcp  open  munin       Munin
8081/tcp  open  http        Apache httpd
32765/tcp open  status      1 (rpc #100024)
32767/tcp open  mountd      1-3 (rpc #100005)
32768/tcp open  nlockmgr    1-4 (rpc #100021)
55000/tcp open  rpc.unknown
Service Info: Host:  cogentoo-1.localnet

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 19.70 seconds

Check the udp ports from the inside.
$ sudo nmap -A -T5 -sU -p1- 127.0.0.1 > nmap-udp-127.0.0.1.txt 2>&1 &
$ cat nmap-udp-127.0.0.1.txt

Starting Nmap 5.51 ( http://nmap.org ) at 2011-06-28 11:39 JST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00033s latency).
Not shown: 65525 closed ports
PORT      STATE         SERVICE     VERSION
111/udp   open          rpcbind     2-4 (rpc #100000)
123/udp   open          ntp         NTP v4
137/udp   open          netbios-ns  Microsoft Windows XP netbios-ssn
138/udp   open|filtered netbios-dgm
608/udp   open|filtered sift-uft
957/udp   open          rpcbind     2-4 (rpc #100000)
2049/udp  open          nfs         2-4 (rpc #100003)
32765/udp open          status      1 (rpc #100024)
32767/udp open          mountd      1-3 (rpc #100005)
32768/udp open          nlockmgr    1-4 (rpc #100021)
Too many fingerprints match this host to give specific OS details
Network Distance: 0 hops
Service Info: Host: COGENTOO-1; OS: Windows

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 89.97 seconds

After a reboot, you can see that some ports have not been pinned.
$ diff /tmp/a.txt nmap-udp-127.0.0.1.txt
2c2
< Starting Nmap 5.51 ( http://nmap.org ) at 2011-06-28 11:39 JST
---
> Starting Nmap 5.51 ( http://nmap.org ) at 2011-06-30 13:07 JST
4c4
< Host is up (0.00033s latency).
---
> Host is up (0.00s latency).
11,12c11,12
< 608/udp   open|filtered sift-uft
< 957/udp   open          rpcbind     2-4 (rpc #100000)
---
> 956/udp   open          rpcbind     2-4 (rpc #100000)
> 1011/udp  open|filtered unknown
22c22
< Nmap done: 1 IP address (1 host up) scanned in 89.97 seconds
---
> Nmap done: 1 IP address (1 host up) scanned in 90.99 seconds

$ diff /tmp/b.txt nmap-tcp-127.0.0.1.txt
2c2
< Starting Nmap 5.51 ( http://nmap.org ) at 2011-06-28 11:39 JST
---
> Starting Nmap 5.51 ( http://nmap.org ) at 2011-06-30 13:07 JST
4c4
< Host is up (0.024s latency).
---
> Host is up (0.026s latency).
10c10
< 111/tcp   open  rpcbind     2-4 (rpc #100000)
---
> 111/tcp   open  rpcbind
21c21
< 55000/tcp open  rpc.unknown
---
> 47454/tcp open  rpc.unknown
25c25
< Nmap done: 1 IP address (1 host up) scanned in 19.70 seconds
---
> Nmap done: 1 IP address (1 host up) scanned in 21.74 seconds

$ sudo lsof -i:956,1011,47454
COMMAND    PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
rpcbind   1661   root    7u  IPv4   3659      0t0  UDP *:956
rpc.statd 1683 nobody    5u  IPv4   3831      0t0  UDP *:1011

$ sudo netstat -anp | grep -P "956|1011|47454"
tcp        0      0 0.0.0.0:47454           0.0.0.0:*               LISTEN      -
udp        0      0 0.0.0.0:956             0.0.0.0:*                           1661/rpcbind
udp        0      0 0.0.0.0:1011            0.0.0.0:*                           1683/rpc.statd
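
The before/after-reboot comparison above can also be done mechanically. The following is an added example, not part of the original post: it parses nmap's normal output and pairs ports that moved across the reboot. The function names `listening` and `port_drift` are hypothetical, and the sample rows are excerpted from the localhost scans on this page.

```python
import re

# One row of nmap's normal-output port table, e.g.
# "957/udp   open          rpcbind     2-4 (rpc #100000)"
ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

# Rows excerpted from the localhost scans on this page (tcp and udp combined);
# AFTER is the post-reboot scan as reconstructed from the diff output.
BEFORE = """\
111/udp   open          rpcbind     2-4 (rpc #100000)
608/udp   open|filtered sift-uft
957/udp   open          rpcbind     2-4 (rpc #100000)
32765/udp open          status      1 (rpc #100024)
55000/tcp open  rpc.unknown
"""
AFTER = """\
111/udp   open          rpcbind     2-4 (rpc #100000)
956/udp   open          rpcbind     2-4 (rpc #100000)
1011/udp  open|filtered unknown
32765/udp open          status      1 (rpc #100024)
47454/tcp open  rpc.unknown
"""

def listening(scan_text):
    """Map (port, proto) -> service for rows in state open or open|filtered."""
    found = {}
    for line in scan_text.splitlines():
        m = ROW.match(line)
        if m and m.group(3).startswith("open"):
            found[(int(m.group(1)), m.group(2))] = m.group(4)
    return found

def port_drift(before_text, after_text):
    """Compare two scans taken across a reboot.

    Returns (moved, gone, new): moved pairs a vanished port with an appeared
    port when protocol and service name match uniquely; the rest stay unpaired.
    """
    before, after = listening(before_text), listening(after_text)
    gone = {k: v for k, v in before.items() if k not in after}
    new = {k: v for k, v in after.items() if k not in before}
    moved = []
    for (port, proto), svc in sorted(gone.items()):
        hits = [k for k, v in new.items() if k[1] == proto and v == svc]
        if len(hits) == 1:
            moved.append((svc, proto, port, hits[0][0]))
            del gone[(port, proto)], new[hits[0]]
    return moved, sorted(gone), sorted(new)

if __name__ == "__main__":
    print(port_drift(BEFORE, AFTER))
```

The 608/udp to 1011/udp change stays unpaired because nmap names an open|filtered port from its port-number table, so the owning process still has to be confirmed with lsof or netstat as above.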
