it might also be because you cant do a SYN stealth scan as non-root (which
is default if you are root) and you have to use the normal TCP Connect
method if you arnt root
On Sun, 8 Aug 2004, c0ldbyte wrote:
> > From: Zoran Kolic <kolicz@eunet.yu>
> > Subject: about nmap
> > To: freebsd-security@freebsd.org
> > Message-ID: <20040808053526.GA652@kolic.net>
> > Content-Type: text/plain; charset=us-ascii
> >
> > Dear all!
> > Last evening I've noticed that
> > my 5.2 box had strange result
> > about nmap search. One port is
> > randomly open when I look from
> > user account. From root everything
> > looks as expected. The comp is
> > most time out of internet. The
> > last thing was adding "expect"
> > package. I am not paniced, could
> > be hiting... Or something in
> > "expect" package... It is random
> > port from 53000 to 57000.
> > Has someone any idea?
> > Best regards.
> >
> > ZK
> >
> Yes this is going to be one of the ports that nmap uses to relay or
> recieve information back to the client itself. Everything that has
> anything to do with analyzing the network is going to open a port
> to recieve back on and most commonly if its because your noticing
> that port well scanning from a user account its just because of the
> nmap software picking that port up and not ignoring it like it should
> be.
>
> This e-mail may be privileged and/or confidential, and the sender
> does not waive any related rights and obligations. Any distribution, use
> or copying of this e-mail or the information it contains by other than an
> intended recipient is unauthorized. If you received this e-mail in error,
> please advise me (by return e-mail or otherwise) immediately.
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to
"freebsd-security-unsubscribe@freebsd.org"
>