
Linux Scanning and Discovery technique problems

(@dougie1809)
Posts: 17
Active Member
Topic starter
 

Hi,

I am using scanning tools such as Nmap to identify vulnerable ports on remote Linux systems on the local network. I have VirtualBox on my Windows 7 host where I have two Linux VMs that I am testing these techniques between. The two virtual machines are Fedora 14 and Backtrack R2 V5. When I scan these two VMs, according to Nmap all ports are filtered and not in use, but when I use netstat locally on them I can see available open ports such as 111 (SunRPC). Can anyone figure out why I can't see these available ports remotely?

Thanks

 
Posted : 14/01/2013 7:45 pm
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

What sort of networking do you have set up in VirtualBox?

Can you ping either box?

 
Posted : 14/01/2013 7:50 pm
(@dougie1809)
Posts: 17
Active Member
Topic starter
 

I have bridged the two VMs to the local network so they have their own IP address.
Yes, I can ping the two VMs from the host Windows 7, and the two VMs can also ping each other.

 
Posted : 14/01/2013 7:57 pm
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

What command line are you using to run nmap?

Is there a firewall enabled on either VM, or on the system from which you're scanning?

 
Posted : 14/01/2013 8:34 pm
(@dougie1809)
Posts: 17
Active Member
Topic starter
 

I'm running arguments such as -sS (for TCP scan), -sU (UDP scan) and the IP network address prefix (192.1.168.1.0/24) which scans this home network. It successfully identifies the VMs (host is up), and scans the default 1000 ports without specifying what ports to scan. But all ports are filtered?

I have Avira installed on the host Win7, but no such firewall or anti-virus software on the VMs.

Thanks

 
Posted : 14/01/2013 9:46 pm
(@xennith)
Posts: 177
Estimable Member
 

BT by default has no open ports and boots with networking disabled; you have to bring the eth0 interface up and get an IP.

The reason that you are getting crap results is because you're using -sU to specify a UDP scan. Try this:

On your BT, bring up the interface and get an IP, then start apache:

service apache2 start

Then try scanning the eth0 interface:

nmap 192.168.0.10 (or whatever)

You should get a response from port 80, then try some fun options:

nmap 192.168.0.10 -sV
nmap 192.168.0.10 -sC
nmap 192.168.0.10 -O

Avoid using the -sU switch for now, and don't mix options while you're learning how it works. I recommend some background reading from the nmap site.

You probably want to play with the various host discovery options and tools available, the -sn -PM -PP -Pn switches in nmap for example, and tools such as arp-scan (which is bloody useful when hosts don't respond to ping). Apparently there's this thing called unicornscan as well, and netcat makes a great emergency scanner.

 
Posted : 14/01/2013 9:59 pm
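
Added example, not part of any post in this thread: a Python sketch of how a TCP connect probe arrives at "open", "closed" or "filtered", and how to reconcile that with what netstat shows on the target itself. The netstat sample and the function names are constructed for illustration.

```python
import socket

# Constructed sample of `netstat -tln` output (not taken from the thread).
NETSTAT_SAMPLE = """\
tcp        0      0 0.0.0.0:111       0.0.0.0:*     LISTEN
tcp        0      0 127.0.0.1:631     0.0.0.0:*     LISTEN
tcp        0      0 0.0.0.0:22        0.0.0.0:*     LISTEN
"""

def listening_sockets(netstat_text):
    """Return {port: bind_address} for TCP sockets in LISTEN state."""
    found = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) >= 6 and fields[0].startswith("tcp") and fields[5] == "LISTEN":
            addr, _, port = fields[3].rpartition(":")
            found[int(port)] = addr
    return found

def tcp_port_state(host, port, timeout=1.0):
    """Classify one port the way a TCP connect probe sees it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"        # three-way handshake completed
        except ConnectionRefusedError:
            return "closed"      # target answered with RST: reachable, no listener
        except OSError:
            return "filtered"    # timeout or ICMP unreachable: packets were dropped

def explain(port, bind_addr, remote_state):
    """Reconcile the local netstat view with the state a remote probe reported."""
    if bind_addr.startswith("127.") or bind_addr == "::1":
        return f"{port}: bound to loopback only, not reachable from another host"
    if remote_state == "filtered":
        return f"{port}: listening on {bind_addr} but probes get no reply, check for a packet filter"
    if remote_state == "closed":
        return f"{port}: refused, check the probe hit the IP netstat was run on"
    return f"{port}: reachable"
```

On the target, `iptables -L -n` lists any packet-filter rules that would produce the "filtered" case.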
(@dougie1809)
Posts: 17
Active Member
Topic starter
 

Thanks for the reply.

How do I go about changing the adapter to eth0 connection? Because I had internet connection when I created the VMs from VirtualBox.

When I do service apache2 start, I get the following error:

"apache2 Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName"

I don't understand why apache is using 127.0.1.1 when it should be 127.0.0.1?

Thanks

 
Posted : 17/01/2013 5:35 pm
(@dougie1809)
Posts: 17
Active Member
Topic starter
 

Sorry, I figured out how to fix the apache2 error with a Google search.

And according to 'ifconfig' I am currently using the eth0 adapter?

Thanks

 
Posted : 17/01/2013 6:24 pm
(@xennith)
Posts: 177
Estimable Member
 

Traffic will be sent to various networks from whatever interface has a route to it depending on your routing table.

I wouldn't worry about it tbh, as long as you can get traffic to the target IP I don't really see what the issue is.

 
Posted : 17/01/2013 10:39 pm