Linux Scanning and Discovery technique problems


Posted: Mon Jan 14, 2013 9:45 am

Hi,

I am using scanning tools such as Nmap to identify vulnerable ports on remote Linux systems on the local network. I have VirtualBox on my Windows 7 host where I have two Linux VMs that I am testing these techniques between. The two virtual machines are Fedora 14 and Backtrack R2 V5. When I scan these two VMs, according to Nmap all ports are filtered and not in use, but when I use netstat locally on them I can see available open ports such as 111 (SunRPC). Can anyone figure out why I can't see these available ports remotely?

Thanks  

dougie1809
Member
 
 
  

Re: Linux Scanning and Discovery technique problems

Posted: Mon Jan 14, 2013 9:50 am

What sort of networking do you have set up in VirtualBox?

Can you ping either box?  

keydet89
Senior Member
 
 
  

Re: Linux Scanning and Discovery technique problems

Posted: Mon Jan 14, 2013 9:57 am

I have bridged the two VMs to the local network so they have their own IP address.
Yes, I can ping the two VMs from the host Windows 7, and the two VMs can also ping each other.

dougie1809
Member
 
 
  

Re: Linux Scanning and Discovery technique problems

Posted: Mon Jan 14, 2013 10:34 am

What command line are you using to run nmap?

Is there a firewall enabled on either VM, or on the system from which you're scanning?  

keydet89
Senior Member
 
 
  

Re: Linux Scanning and Discovery technique problems

Posted: Mon Jan 14, 2013 11:46 am

I'm running arguments such as -sS (for TCP scan), -sU (UDP scan) and the IP network address prefix (192.1.168.1.0/24), which scans this home network. It successively identifies the VMs (host is up), and scans the default 1000 ports without specifying what ports to scan. But all ports are filtered?

I have Avira installed on the host Win7, but no such firewall or anti-virus software on the VMs.

Thanks  

dougie1809
Member
 
 
  

Re: Linux Scanning and Discovery technique problems

Posted: Mon Jan 14, 2013 11:59 am

BT by default has no open ports and boots with networking disabled, you have to bring the eth0 interface up and get an IP.

The reason that you are getting crap results is because you're using -sU to specify a UDP scan. Try this:

On your BT bring up the interface and get an IP, then start apache:

service apache2 start

Then try scanning the eth0 interface:

nmap 192.168.0.10 (or whatever)

You should get a response from port 80, then try some fun options:

nmap 192.168.0.10 -sV
nmap 192.168.0.10 -sC
nmap 192.168.0.10 -O

Avoid using the -sU switch for now, and don't mix options while you're learning how it works. I recommend some background reading from the nmap site.

You probably want to play with the various host discovery options and tools available, the -sn -PM -PP -Pn switches in nmap for example, and tools such as arp-scan (which is bloody useful when hosts don't respond to ping). Apparently there's this thing called unicornscan as well, and netcat makes a great emergency scanner.

Xennith
Senior Member
 
 
  

Re: Linux Scanning and Discovery technique problems

Posted: Thu Jan 17, 2013 7:35 am

Thanks for the reply.

How do I go about changing the adapter to eth0 connection? Because I had internet connection when I created the VMs from VirtualBox.

When I do service apache2 start, I get the following error:

"apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName"

I don't understand why apache is using 127.0.1.1 when it should be 127.0.0.1?

Thanks  

dougie1809
Member
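
The mismatch this thread revolves around (netstat on the VM shows listening ports, Nmap reports them as filtered) can be checked mechanically. The following is an added example, not code from any poster in the thread: it reconciles netstat -tln output taken on the scanned machine with one host line of nmap -oG output. Both sample inputs are constructed, and the function names and verdict labels are chosen here for illustration.

```python
import re

# Constructed sample: `netstat -tln` as it would be run on the scanned VM.
NETSTAT = """\
Proto Recv-Q Send-Q Local Address    Foreign Address  State
tcp        0      0 0.0.0.0:111      0.0.0.0:*        LISTEN
tcp        0      0 127.0.0.1:631    0.0.0.0:*        LISTEN
tcp        0      0 :::22            :::*             LISTEN
"""
# Constructed sample: one host line in nmap's grepable (-oG) layout.
NMAP_OG = "Host: 192.168.0.10 ()\tPorts: 22/open/tcp//ssh///\tIgnored State: filtered (999)"

LOOPBACK = {"127.0.0.1", "::1"}

def parse_netstat(text):
    """Map each TCP port in LISTEN state to the set of addresses it is bound to."""
    listeners = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].startswith("tcp") and f[5] == "LISTEN":
            addr, port = f[3].rsplit(":", 1)   # rsplit keeps IPv6 forms like ':::22' intact
            listeners.setdefault(int(port), set()).add(addr)
    return listeners

def parse_nmap(line):
    """Return ({port: state}, state that all unlisted ports were collapsed into)."""
    states = {}
    ports = re.search(r"Ports: ([^\t]*)", line)
    for entry in (ports.group(1).split(", ") if ports else []):
        parts = entry.split("/")               # port/state/protocol/owner/service/...
        if len(parts) >= 3 and parts[2] == "tcp":
            states[int(parts[0])] = parts[1]
    ignored = re.search(r"Ignored State: ([\w|]+)", line)
    return states, ignored.group(1) if ignored else "not-scanned"

def reconcile(listeners, states, default):
    """Explain every local listener in terms of what the remote scan reported."""
    verdicts = {}
    for port, addrs in sorted(listeners.items()):
        seen = states.get(port, default)
        if addrs <= LOOPBACK:        # bound to loopback only: never reachable remotely
            verdicts[port] = "loopback-only"
        elif seen == "filtered":     # probe went unanswered: look for a packet filter in the path
            verdicts[port] = "filter-in-path"
        else:                        # "open" agrees with netstat; anything else needs a look
            verdicts[port] = "consistent" if seen == "open" else "check:" + seen
    return verdicts

print(reconcile(parse_netstat(NETSTAT), *parse_nmap(NMAP_OG)))
```

A "filter-in-path" verdict for a port bound to 0.0.0.0 points at packet filtering on the target or between scanner and target, which is what the firewall question earlier in the thread is probing for.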
 
 