voodoo:~# iplog -o -L -z -i eth0
Feb 20 13:20:54 TCP: SYN scan detected [ports 10082,1430,770,815,440,86,848,797,560,5998,...] f
Feb 20 13:20:56 TCP: Bogus TCP flags set by 192.168.0.50:49054 (dest port 22)
Feb 20 13:20:56 UDP: dgram to port 1 from 192.168.0.50:49047 (300 data bytes)
Feb 20 13:20:56 ICMP: 192.168.0.50: port is unreachable to (udp: dest port 1, source port 49047
Feb 20 13:20:58 UDP: dgram to port 1 from 192.168.0.50:49047 (300 data bytes)
Feb 20 13:20:58 ICMP: 192.168.0.50: port is unreachable to (udp: dest port 1, source port 49047
Feb 20 13:21:01 UDP: dgram to port 1 from 192.168.0.50:49047 (300 data bytes)
Feb 20 13:21:01 ICMP: 192.168.0.50: port is unreachable to (udp: dest port 1, source port 49047
Feb 20 13:21:04 TCP: Xmas scan detected [ports 1,9,49055,49056,49054] from 192.168.0.50 [ports
Feb 20 13:21:05 UDP: dgram to port 1 from 192.168.0.50:49047 (300 data bytes)
Feb 20 13:21:05 ICMP: 192.168.0.50: port is unreachable to (udp: dest port 1, source port 49047
Feb 20 13:21:12 TCP: null scan detected [ports 9,49056,49060,49054] from 192.168.0.50 [ports 49
Feb 20 13:21:13 TCP: FIN scan detected [ports 49060,49054,9,1] from 192.168.0.50 [ports 1,9,490
Feb 20 13:21:56 TCP: SYN scan mode expired for 192.168.0.50 - received a total of 1647 packets
Feb 20 13:21:56 TCP: Xmas scan mode expired for 192.168.0.50 - received a total of 33812 packets (676300 bytes).
Feb 20 13:22:03 TCP: null scan mode expired for 192.168.0.50 - received a total of 16462 packets (329300 bytes).
Feb 20 13:22:04 TCP: FIN scan mode expired for 192.168.0.50 - received a total of 16343 packets
# nmap (V. 3.10ALPHA4) scan initiated Thu Feb 20 13:20:54 2003 as: nmap -vv -sS -O -oN nmap3.log 192.168.0.19
Insufficient responses for TCP sequencing (1), OS detection may be less accurate
Insufficient responses for TCP sequencing (1), OS detection may be less accurate
Insufficient responses for TCP sequencing (1), OS detection may be less accurate
Interesting ports on voodoo (127.0.0.1):
(The 1599 ports scanned but not shown below are in state: closed)
Port      State  Service
22/tcp    open   ssh
25/tcp    open   smtp
80/tcp    open   http
143/tcp   open   imap2
No exact OS matches for host (If you know what OS is running on it, see http://www.insecure.org
TCP/IP fingerprint:
SInfo(V=3.10ALPHA4%P=i586-pc-linux-gnu%D=2/20%Time=3E54C833%O=9%C=1)
T1(Resp=Y%DF=Y%W=7FFF%ACK=S++%Flags=AS%Ops=MNNTNW)
T2(Resp=Y%DF=N%W=0%ACK=O%Flags=BA%Ops=)
T2(Resp=Y%DF=Y%W=100%ACK=O%Flags=BARF%Ops=)
T2(Resp=Y%DF=Y%W=100%ACK=O%Flags=BPF%Ops=)
T3(Resp=Y%DF=N%W=0%ACK=O%Flags=BA%Ops=)
T4(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=N%W=0%ACK=O%Flags=BA%Ops=)
T7(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)

# Nmap run completed at Thu Feb 20 13:21:07 2003 -- 1 IP address (1 host up) scanned in 13.633
file iplog_tcp.c, line 99:

    if (opt_enabled(FOOL_NMAP) &&
        ((tcp_flags & TH_BOG) ||                                   /* reserved (bogus) flag bits set */
         (tcp_flags == TH_PUSH) || (tcp_flags == 0) ||             /* lone PSH, or NULL probe */
         ((tcp_flags & (TH_SYN | TH_FIN | TH_RST)) && (tcp_flags & TH_URG)) || /* SYN, FIN or RST together with URG */
         ((tcp_flags & TH_SYN) && (tcp_flags & (TH_FIN | TH_RST)))))           /* SYN together with FIN or RST */
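Added example, not iplog's own code: the condition quoted above lifted into a predicate and run against the classic nmap T1-T7 OS-detection probe flag sets plus ordinary traffic, to show which probes iplog's fool mode intercepts and which are still answered by the kernel. The probe flag sets and the value of TH_BOG are my reconstruction and are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Standard BSD th_flags bits (same values as in <netinet/tcp.h>). */
#define TH_FIN  0x01
#define TH_SYN  0x02
#define TH_RST  0x04
#define TH_PUSH 0x08
#define TH_ACK  0x10
#define TH_URG  0x20
#define TH_BOG  0xC0  /* assumption: iplog's name for the two reserved bits */
/* The FOOL_NMAP condition quoted from iplog_tcp.c, lifted into a predicate. */
static bool fool_nmap_match(uint8_t tcp_flags)
{
    return (tcp_flags & TH_BOG) || tcp_flags == TH_PUSH || tcp_flags == 0 ||
           ((tcp_flags & (TH_SYN | TH_FIN | TH_RST)) && (tcp_flags & TH_URG)) ||
           ((tcp_flags & TH_SYN) && (tcp_flags & (TH_FIN | TH_RST)));
}

/* Constructed samples: classic nmap T1-T7 probe flags, then ordinary traffic. */
struct sample { const char *name; uint8_t flags; };
static const struct sample samples[] = {
    { "T1 SYN + bogus bit, open port",   TH_SYN | 0x40 },
    { "T2 NULL, open port",              0 },
    { "T3 SYN|FIN|URG|PSH, open port",   TH_SYN | TH_FIN | TH_URG | TH_PUSH },
    { "T4 ACK, open port",               TH_ACK },
    { "T5 SYN, closed port",             TH_SYN },
    { "T6 ACK, closed port",             TH_ACK },
    { "T7 FIN|PSH|URG, closed port",     TH_FIN | TH_PUSH | TH_URG },
    { "normal SYN",                      TH_SYN },
    { "normal SYN|ACK",                  TH_SYN | TH_ACK },
    { "normal PSH|ACK",                  TH_PUSH | TH_ACK },
    { "normal FIN|ACK",                  TH_FIN | TH_ACK },
};

/* Prints one line per sample and returns how many the predicate intercepts. */
static int count_intercepted(void)
{
    int n = 0;
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        bool hit = fool_nmap_match(samples[i].flags);
        printf("%-32s flags=0x%02x -> %s\n", samples[i].name, samples[i].flags,
               hit ? "intercepted, bogus reply" : "left to the kernel");
        n += hit;
    }
    return n;
}
int main(void) { return count_intercepted() == 4 ? 0 : 1; }
```

Only the malformed probes (bogus bit, NULL, SYN|FIN|URG|PSH, FIN|PSH|URG) are intercepted; the plain SYN and ACK probes still get the kernel's genuine replies, which is why the fingerprint above keeps a sane T1 alongside the duplicated, contradictory T2 and T7 lines.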
