[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Mas sobre Apache



Viendo los log de mi apache veo unas conexiones desde el host 190.224.235.169

Por loque hago:

# nmap 190.224.235.169

Starting Nmap 5.00 ( http://nmap.org ) at 2012-02-19 17:30 ART
Interesting ports on host169.190-224-235.telecom.net.ar (190.224.235.169):
Not shown: 996 closed ports
PORT      STATE    SERVICE
25/tcp    filtered smtp
443/tcp   open     https
8080/tcp  filtered http-proxy
10000/tcp open     snet-sensor-mgmt

Nmap done: 1 IP address (1 host up) scanned in 6.20 seconds
debian:/home/buji# nmap -PN 190.224.235.169

Starting Nmap 5.00 ( http://nmap.org ) at 2012-02-19 17:30 ART
Interesting ports on host169.190-224-235.telecom.net.ar (190.224.235.169):
Not shown: 995 closed ports
PORT      STATE    SERVICE
25/tcp    filtered smtp
80/tcp    open     http
443/tcp   open     https
8080/tcp  filtered http-proxy
10000/tcp open     snet-sensor-mgmt

Nmap done: 1 IP address (1 host up) scanned in 8.36 seconds
debian:/home/buji# nmap -O 190.224.235.169

Starting Nmap 5.00 ( http://nmap.org ) at 2012-02-19 17:31 ART
Interesting ports on host169.190-224-235.telecom.net.ar (190.224.235.169):
Not shown: 996 closed ports
PORT      STATE    SERVICE
25/tcp    filtered smtp
443/tcp   open     https
8080/tcp  filtered http-proxy
10000/tcp open     snet-sensor-mgmt
No exact OS matches for host (If you know what OS is running on it, see
http://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=5.00%D=2/19%OT=443%CT=1%CU=30753%PV=N%DS=3%G=Y%TM=4F415C38%P=i686
OS:-pc-linux-gnu)SEQ(SP=17%GCD=1000%ISR=B0%TI=I%CI=I%II=I%SS=S%TS=U)SEQ(SP=
OS:24%GCD=1000%ISR=B0%TI=I%CI=I%II=I%SS=S%TS=U)SEQ(SP=18%GCD=1000%ISR=B0%TI
OS:=I%CI=I%II=I%SS=S%TS=U)SEQ(SP=19%GCD=1000%ISR=B0%TI=I%CI=I%II=I%SS=S%TS=
OS:U)SEQ(SP=12%GCD=1000%ISR=B0%TI=I%CI=I%II=I%SS=S%TS=U)OPS(O1=M578%O2=M578
OS:%O3=M578%O4=M578%O5=M578%O6=M578)WIN(W1=800%W2=800%W3=800%W4=800%W5=800%
OS:W6=800)ECN(R=Y%DF=N%T=FE%W=800%O=M578%CC=N%Q=)T1(R=Y%DF=N%T=FE%S=O%A=S+%
OS:F=AS%RD=0%Q=)T2(R=N)T3(R=Y%DF=N%T=FE%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T4(R=Y
OS:%DF=N%T=FE%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y%DF=N%T=FE%W=0%S=Z%A=S+%F=AR
OS:%O=%RD=0%Q=)T6(R=Y%DF=N%T=FE%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=N%T=FE
OS:%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=FE%IPL=38%UN=0%RIPL=G%RID=G%R
OS:IPCK=G%RUCK=ADD8%RUD=G)IE(R=Y%DFI=N%T=FE%CD=S)

Network Distance: 3 hops

OS detection performed. Please report any incorrect results at
http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 17.46 seconds

Si alguno puede darme una opinión de esto?

Me llama la atención que dice que el port 80 esta abierto pero si hago un telnet al 80 me da refused y por otro lado estos caracteres raros cuando uso el parámetro -O?

Muchas Gracias.

Saludos.


Reply to: