All topics - Topic: nmap
h**h
Posts: 132
1
From topic: Security board - Re: Can I use nmap if I am not a root?
Maybe you can help me out,
this is the error message when I tried to start nmap as root
[root@photon ~]> nmap isdn
Starting nmap V. 2.12 by Fyodor (f****[email protected], www.insecure.org/nmap/)
pcap_open_live: /dev/lo0: No such file or directory
If you are on Linux and getting Socket type not supported, try modprobe af_packet
or recompile your kernel with SOCK_PACKET enabled. If you are on bsd and getting
device not configured, you need to recompile your kernel with Berkeley Packet
Filter support.
t***y
Posts: 741
2
From topic: EmergingNetworking board - How tomato firmware makes SSH port stealthy from NMap?
I run SSH daemon on tomato firmware on a non-standard port. When using NMap
to scan the router from external, NMap shows all ports are filtered (no open
ports). While when I scan my openSUSE 11.3 box with openSSH, NMap discovers
my SSH server which is run on a non-standard port.
Anybody know how tomato makes SSH port stealthy?
t***y
Posts: 741
3
From topic: EmergingNetworking board - How tomato firmware makes SSH port stealthy from NMap?
I am not sure about your question.
When I scan my router which is running dropbear (SSH daemon), NMap did not discover the SSH port. However NMap discovered the openSSH server on the openSUSE box. Both dropbear and openSSH are run on non-default ports.
Basically I am trying to figure out how tomato or dropbear does this, so I can configure openSSH to the same effect.
I assumed tomato does that by dropping port scan packets, however I could not find anything in the log.
p***r
Posts: 49
4
From topic: Security board - Re: Can I use nmap if I am not a root?
Thank you for your reply. I tried nmap both as a root and as a user. I like
the function to guess host's OS.
By the way, I am NOT interested in eavesdropping the packets in an ethernet,
which can be done with a lot of software though. And I don't think nmap or
tcpdump can monitor a network. I am a newcomer in info security, but I am
not a newcomer in OS or TCP/IP.
I will appreciate a reply but I do not 100% trust it before I do the
experiment by myself.
Anyway, thanks again for your re
h**h
Posts: 132
5
From topic: Security board - Re: Can I use nmap if I am not a root?
you have to be root to run nmap for udp scan
but for tcp scan, you should be able to run as a normal user
at least it works for me
m*****e
Posts: 4193
6
From topic: Security board - Re: Can I use nmap if I am not a root?
How could you know I hadn't tried it? Using nmap is one thing in my job.
You won't get full functionality without being root. It needs to construct
customized packets to detect OS types, for example.
m*****e
Posts: 4193
7
From topic: Security board - Re: Can I use nmap if I am not a root?
Probably the only thing he can do is TCP scan, which is the easiest job
of nmap.
UDP scan is entirely different (and much trickier). You need the ability
to receive ICMP packets, which requires root. I've written such a utility
myself to monitor the health of the DHCP server in my department.
h**h
Posts: 132
8
From topic: Security board - Re: Can I use nmap if I am not a root?
Have you tried installing nmap on Solaris?
did you ever make it work to scan udp port?
I was only able to run udp scan off linux box
h**h
Posts: 132
9
From topic: Security board - Re: Can I use nmap if I am not a root?
that's interesting, seems that my problem was a typical one
there is explanation in nmap 2.53
SOLARIS: If you are trying to scan localhost and getting '/dev/lo0: No such file
or directory', complain to Sun. I don't think Solaris can support advanced
localhost scans. You can probably use "-P0 -sT localhost" though.
I wonder how you fixed that.
m*****e
Posts: 4193
10
From topic: Security board - Re: Can I use nmap if I am not a root?

Then your system must have a weird (or dangerous/incorrect) setting
which allows normal users to use raw socket, assuming your nmap is
not setuid root (since you claim you are not a new comer in OS).
Oh I was confused by your question. I would have appreciated it if
you had made clear what "cannot read socket" means.
This makes me more confused.
p***r
Posts: 49
11
From topic: Security board - Re: Can I use nmap if I am not a root?
I didn't say I could use fingerprint function as a non-root. The help
given by nmap is very clear, only root could use starred functions.
What I meant is that "I can not read some sockets as a non-root in my linux."

I said I am not good in security, but I will learn it and read papers in
the winter.
u*********d
Posts: 105
12
The readme is very clear and there's a gui nmap
u*********d
Posts: 105
13
Don't know. But some services tell you their versions, e.g. in http, some ftp,
some smtp. You don't need nmap to know its version.
w*******y
Posts: 60932
14
Garmin Nmaps - North American Lifetime Map Updates for Nuvi series
Catalogue number: 010-11269-00
EAN: 0753759084837
UPC: 753759084837
Category: Electronics
Link:
http://www.langtoninfo.com/showitem.aspx?isbn=0753759084837
$43.64 + $6.99 S/H = $50.63
Cheapest I could find elsewhere now is ~$80 shipped.
Only downside is that it is shipped from England, so it will take a week or
so to get to the US.
e****e
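Posts: 677
15
From topic: CS board - Anyone here doing network measurement research?
I'm in the middle of my PhD
and have no ideas.
Reading papers from IMC and the like,
it feels like anything can be measured,
even porn sites can be measured.
But I just can't come up with ideas on my own.
My advisor hands out random ideas.
For example, he heard that UCweb can save traffic and reduce delay,
so he told me to measure it.
I took my phone and manually tested the home pages of the alexa rank top 100,
then plotted traffic graphs, latency graphs and so on.
There was no good pattern to speak of at all...
and I couldn't think of anything to do with it.
Then my advisor saw that there are many open DNS servers online
and told me to use nmap to find the security weaknesses of these servers.
I wrote automation scripts and ran nmap against a series of servers.
What came out was just the usual nmap results.
I couldn't find any further statistics or interesting conclusions.
Then my advisor saw that IMC had a paper measuring the feasibility of IP spoofing.
That paper measured for several years, with data from millions (or hundreds of thousands, I don't remember) of volunteers,
and he told me to measure it with planetlab (only a bit over 1000 nodes).
I measured it and have no idea what I could come up with from it...
I know network measurement means thinking from different angles and racking your brain for statistics you can obtain,
expanding a problem that feels like it only deserves 1 page into more than 10 pages.
But I really don't know how to expand these few things.
Could any network measurement experts give me some ideas and pointers?
Thanks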
g*******t
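Posts: 7704
16
From topic: Hardware board - [Repost] The full story of the Linode hack
TL;DR version: Linode was a bystander caught in the crossfire
Last month, Linode was compromised and a pile of information was leaked, forcing many people to replace their cards and change their passwords. A few
hours ago, an article on HackerNews revealed that Linode was actually just the unlucky guy by the roadside: the attackers were not
out to beat him up, but to beat up his customer…
The following is based on a translation of a summary posted on HN, plus information from the original HTP zine.
The story goes like this:
There is a hacker group called HTP. Recently an anonymous group posing as another group, "ac1db1tch3z", tried to dig
into them (going after HTP's botnet). HTP was very unhappy and wanted revenge; they later found out that this anonymous
group was using the IRC service SwiftIRC to communicate, and SwiftIRC's nameserver was hosted at Linode...
So HTP wanted to take down Linode, hack into SwiftIRC to plant a backdoor, and then retaliate.
At first they attacked Linode directly, but the 1day exploit was blocked by Linode. However, Linode's
domain registrar name.com was compromised. So they changed their plan to setting up a transparent proxy
, planning to, from the middle...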
m*******l
Posts: 12782
17
[The following text is reposted from the Security board]
Author: az2008 (举步维艰,是该消瘦一下了), Board: Security
Title: [Repost] The full story of the Linode hack (repost)
Posted at: BBS 未名空间站 (Thu Dec 5 22:54:24 2013, US Eastern)
Author: googlebot (bot), Board: Hardware
Title: [Repost] The full story of the Linode hack
Posted at: BBS 未名空间站 (Wed May 8 11:49:48 2013, US Eastern)
a****8
Posts: 2771
18
[The following text is reposted from the Hardware board]
Author: googlebot (bot), Board: Hardware
Title: [Repost] The full story of the Linode hack
Posted at: BBS 未名空间站 (Wed May 8 11:49:48 2013, US Eastern)
e***y
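Posts: 1152
19
From topic: CellularPlan board - Moto G4 Plus's ipv6 has gotten deeper again
What is the point of this nmap run? What you are looking for is open ports for *outbound* traffic; nmap can
only help you find whether a specific ip/port accepts *inbound* traffic.

: nmap on the new phone shows all ports as filtered
: With wifi connected to the hotspot, nmap is pointless because it is an internal network and cannot get past the gateway; 192.168.1.1 and 192.168.0.1 both fail to tunnel out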

f*******5
Posts: 10321
c**t
Posts: 2744
21
From topic: Database board - Cannot connect to the mysql server insid
Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-10-27 20:12 CDT
Interesting ports on localhost.localdomain (127.0.0.1):
(The 1648 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
22/tcp open ssh
3306/tcp open mysql
use DBI;
# Connect to the MySQL server at 192.168.0.10:3306; die on any DBI error
my $dbh = DBI->connect("DBI:mysql:database=mydb;host=192.168.0.10;port=3306",
"root", "",
{'RaiseError' => 1});
z*****a
Posts: 471
22
nmap -sP xxx.xxx.xxx.0/24
For example:
nmap -sP 192.168.1.0/24
f****a
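Posts: 847
23
From topic: CellularPlan board - Moto G4 Plus's ipv6 has gotten deeper again
nmap on the new phone shows all ports as filtered
With wifi connected to the hotspot, nmap is pointless because it is an internal network and cannot get past the gateway; 192.168.1.1 and 192.168.0.1
both fail to tunnel out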
m*********k
Posts: 10521
24
From topic: _mitbbscheck board - 2014.02.12 front-page article rewards
Cutoff time for this tally: 2014-02-12 01:00:00 (US Eastern Time)
Users successfully awarded 20 virtual coins: Algorithmic, Baoni, Cecila, coldwaves, diabloooo,
FlowerDrink, garfieldking, grant, HeiGuGu, helenhwu, IssieStevens, juanxi,
KingOfLunHui, kisskaren, lana1972, lghlmcl, Lihebo, liumanlin, lzqlaz, mgy,
mods, momo00, moonhoax, ninthframe, nmap, paopao1997, poof, pracci, purelens,
qed, RagdollLuna, Rani, richard1985, rubberban, siding, smallbull,
snapplegrape, sugarwang, swjtuer, TeacherWei, wh, xg2005, xiaoxiaoren,
yvonne33, zhaoce, zhumao, zlzh...
k*********u
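Posts: 2897
25
He's probably fishing for a bribe, right?
Give him a little gift money and you'll get through in one go.
Author: nmap (小望), Board: Military
Title: Re: Netizen complains: life in Shanghai is getting harder and harder to bear (repost)
Posted at: BBS 未名空间站 (Sun Aug 1 19:50:30 2010, US Eastern)
(It's hilarious: every time you go, their staff only ever point out one mistake; you take it back and fix
it, and next time they point out another one and send you back again).

Do the civil servants find this fun?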
w********2
Posts: 632
26
The network services offered by major brands of BMCs differ widely by
vendor, but here are some commonalities. Most BMCs expose some form of
web-based management, a command-line interface such as Telnet or Secure Shell,
and the IPMI network protocol on port 623 (UDP and sometimes TCP). The
example below shows the output of an Nmap -sSV -p1-65535 scan against a
Supermicro BMC in its default configuration.
Supermicro IPMI (firmware SMT_X9_218)
PORT STATE SERVICE VERSION
22/tcp open ...
f**********8
Posts: 6
27
Please send your resume to a***[email protected] if interested.
Position: Software Engineer, Platform
Cyphort develops appliance and cloud based solutions that protect cloud
infrastructure against targeted attacks, corporate espionage and IP theft.
Our innovative approach detects armored malware, performs behavioral
clustering, and correlation algorithms for contextual threat prevention. We
are looking for smart people who collaborate, innovate and make great
security products. Whatever your role, y...
x*********n
Posts: 28013
28
From topic: JobHunting board - Earning some karma: sharing interview experience for networking positions.
use nmap to see.
ping only detects layer2, sends icmp packets, it means nothing.
I*****o
Posts: 101
29
From topic: JobHunting board - Earning some karma: sharing interview experience for networking positions.
nmap uses ping...
f**********8
Posts: 6
30
p*******m
Posts: 20761
31
Access control bypass in Hikvision IP Cameras
From: Monte Crypto
Date: Tue, 12 Sep 2017 04:19:00 +0200 (CEST)
Access control bypass in Hikvision IP Cameras
Full disclosure
Sep 12, 2017
Synopsis:
---------------
Many Hikvision IP cameras contain a backdoor that allows unauthenticated
impersonation of any configured user account.
The vulnerability has been present in Hikvision products since at least 2014.
In addition to Hikvision-branded devices,
it affects many whi...
c*********n
Posts: 182
32
From topic: WaterWorld board - Borrowing the traffic here to ask a technical question about hacking
nmap it
Enough said
m********l
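Posts: 4394
33
From topic: WaterWorld board - Borrowing the traffic here to ask a technical question about hacking
It's what comes after nmap that shows real skill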
m**a
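Posts: 1208
34
From topic: SciFiction board - Matrix IV 2.9 The Gathering Storm
Matrix IV Integration
Chapter 2: The Culture Revolution Plan
2.9 The Gathering Storm
"How many people did your team bring this time? Who is the captain?" Tribus asked.
"Twelve. I am." Alias answered, mustering what energy was left.
"Briefly describe your team members' strengths."
"Traceroute is an expert at finding the source of intelligence. Grep is best at searching large volumes of information. Nmap is a specialist in surveying terrain and drawing
maps. Finger is the best at digging up a person's background eighteen generations back. Ping excels at frontline reconnaissance and probing fire. Connect
is our communications dispatcher. The rest are all good fighters."
"And you?"
"My specialty is reconnaissance in disguise. Cough, cough!"
"You don't look to be in great shape. I suggest you exit the Matrix first and then log back in to stay clear-headed. When you
exit the Matrix you need to take a few people out with you; tonight we are going to turn the Matrix upside down, inside and out."
Everyone's spirits soared at this: "Brother Tribus, we'll all follow your lead, hurry up and assign us our tasks! There are no
cowards here!"
Tribus thought for a moment and said slowly: "Our mission is code-named 'Pulling the Firewood from Under the Cauldron'. We will split into three groups. Whether
we can defeat the agents depends on whether the three groups can cooperate seamlessly."
"The first group will be led by me, with members Traceroute, Grep, Nma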
f*******5
Posts: 10321
35
From topic: Beijing board - Where's the CTO?
Did you nmap yesterday?
f*******5
Posts: 10321
36
From topic: Beijing board - Where's the CTO?
Command: on the right, enter nmap -sT -T5 -p8129 server_ip
f*******5
Posts: 10321
37
From topic: Beijing board - Where's the CTO?
it should only take a few seconds...
run nmap -sT -p135 -T5 other_windows_machine_ip to see the response of an
open port
h**d
Posts: 5208
38
From topic: Beijing board - Where's the CTO?
scanned my computer.
Nmap scan report for 192.168.1.2
Host is up.
PORT STATE SERVICE
8129/tcp filtered unknown
Does that mean my computer's port is not open?
I cannot see my server through my router again.
WTF.
o**v
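Posts: 1662
39
From topic: EmergingNetworking board - Urgent question
[The following text is reposted from the Linux board]
Author: ooev (失忆周末), Board: Linux
Title: Urgent question
Posted at: BBS 未名空间站 (Wed Aug 29 21:50:06 2007), forwarded
Does anyone know how to use a linux tool to send an RST packet to a tcp connection?
Can nmap do it?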
z**r
Posts: 17771
40
From topic: EmergingNetworking board - Asking for help about port detection
nmap or netcat, ...too many choices
m******9
Posts: 104
41
From topic: EmergingNetworking board - How tomato firmware makes SSH port stealthy from NMap?
You can tell when you are using ssh for access from external?
w********e
Posts: 557
42
From topic: Linux board - Can ping but http fails
Use nmap to check whether port 80 is open.
c****1
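Posts: 302
43
From topic: Linux board - A basic SSH question
Is the port of A's ssh service open to the internal network that B is on?
I'd suggest first checking the iptables of A's firewall...
What result do you get if you enter the following command line from B?
nmap IP (A's IP)
Is 22 an open or a filtered port?
If this step is fine, then check for other causes...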

Windows)
ssh
B********s
Posts: 3610
44
From topic: Linux board - A basic SSH question
Running iptables -L on A gives:
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
How do I run nmap on the Windows machine (B)?
a*****i
Posts: 4391
45
From topic: Linux board - Recommending a book
It's called "Stealing the network"; it's a series.
A few days ago I bought the first one (How to own the box) on amazon (kindle store), the book
is entertaining *PLUS* quite technical.
Just remember all the stories in the book are made up, so you don't go
around, nmap every school host, and trip over IDSes, get yourself
arrested. :)
a*****i
Posts: 4391
46
From topic: Linux board - What to do after being attacked?

kao, is this guy an idiot?
Trying ports directly without running nmap first?