Viendo los log de mi apache veo unas conexiones desde el host
190.224.235.169
Por loque hago:
# nmap 190.224.235.169
Starting Nmap 5.00 ( http://nmap.org ) at 2012-02-19 17:30 ART
Interesting ports on host169.190-224-235.telecom.net.ar
(190.224.235.169):
Not shown: 996 closed ports
PORT STATE SERVICE
25/tcp filtered smtp
443/tcp open https
8080/tcp filtered http-proxy
10000/tcp open snet-sensor-mgmt
Nmap done: 1 IP address (1 host up) scanned in 6.20 seconds
debian:/home/buji# nmap -PN 190.224.235.169
Starting Nmap 5.00 ( http://nmap.org ) at 2012-02-19 17:30 ART
Interesting ports on host169.190-224-235.telecom.net.ar
(190.224.235.169):
Not shown: 995 closed ports
PORT STATE SERVICE
25/tcp filtered smtp
80/tcp open http
443/tcp open https
8080/tcp filtered http-proxy
10000/tcp open snet-sensor-mgmt
Nmap done: 1 IP address (1 host up) scanned in 8.36 seconds
debian:/home/buji# nmap -O 190.224.235.169
Starting Nmap 5.00 ( http://nmap.org ) at 2012-02-19 17:31 ART
Interesting ports on host169.190-224-235.telecom.net.ar
(190.224.235.169):
Not shown: 996 closed ports
PORT STATE SERVICE
25/tcp filtered smtp
443/tcp open https
8080/tcp filtered http-proxy
10000/tcp open snet-sensor-mgmt
No exact OS matches for host (If you know what OS is running on it, see
http://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=5.00%D=2/19%OT=443%CT=1%CU=30753%PV=N%DS=3%G=Y%TM=4F415C38%P=i686
OS:-pc-linux-gnu)SEQ(SP=17%GCD=1000%ISR=B0%TI=I%CI=I%II=I%SS=S%TS=U)SEQ(SP=
OS:24%GCD=1000%ISR=B0%TI=I%CI=I%II=I%SS=S%TS=U)SEQ(SP=18%GCD=1000%ISR=B0%TI
OS:=I%CI=I%II=I%SS=S%TS=U)SEQ(SP=19%GCD=1000%ISR=B0%TI=I%CI=I%II=I%SS=S%TS=
OS:U)SEQ(SP=12%GCD=1000%ISR=B0%TI=I%CI=I%II=I%SS=S%TS=U)OPS(O1=M578%O2=M578
OS:%O3=M578%O4=M578%O5=M578%O6=M578)WIN(W1=800%W2=800%W3=800%W4=800%W5=800%
OS:W6=800)ECN(R=Y%DF=N%T=FE%W=800%O=M578%CC=N%Q=)T1(R=Y%DF=N%T=FE%S=O%A=S+%
OS:F=AS%RD=0%Q=)T2(R=N)T3(R=Y%DF=N%T=FE%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T4(R=Y
OS:%DF=N%T=FE%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y%DF=N%T=FE%W=0%S=Z%A=S+%F=AR
OS:%O=%RD=0%Q=)T6(R=Y%DF=N%T=FE%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=N%T=FE
OS:%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=FE%IPL=38%UN=0%RIPL=G%RID=G%R
OS:IPCK=G%RUCK=ADD8%RUD=G)IE(R=Y%DFI=N%T=FE%CD=S)
Network Distance: 3 hops
OS detection performed. Please report any incorrect results at
http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 17.46 seconds
Si alguno puede darme una opinión de esto?
Me llama la atención que dice que el port 80 esta abierto pero si hago
un telnet al 80 me da refused y por otro lado estos caracteres raros
cuando uso el parámetro -O?
Muchas Gracias.
Saludos.