Re: Random unprivileged TCP ports below 5000 kind-of open for a fraction of a second
From: Fyodor <fyodor(at)insecure.org>
Date: Tue Dec 24 2002 - 14:18:16 EST

On Mon, Dec 23, 2002 at 09:33:59PM -0800, alfaentomega wrote:
> > I found out that by default nmap doesn't scan every

This may be a problem with your Linux kernel. When Nmap (or many other applications, such as Telnet) does a connect() call, the OS is supposed to choose a good source port to bind to for the connection. When you connect() to an ephemeral port (1024-4999 or so) on localhost, there is a chance that the system will decide to use as a source port the very port you are connecting to. In a bizarre twist, the application then ends up "connecting to itself"!

I consider this to be a Linux kernel bug, but my reports to the linux-kernel list (and offers to fix the problem) have been unheeded. Here is my first posting (from 1999):

http://marc.theaimsgroup.com/?l=linux-kernel&m=93598368005241&w=2

So the short summary is that it is just a Linux bug which the developers argue is a feature that they don't intend to fix. I do have a workaround in place for Nmap versions released in the last two or three years -- what version of Nmap are you using and what are the exact command-line arguments?

New versions of the Nmap Security Scanner can be found at http://www.insecure.org/nmap/

Cheers,
Received on Fri Dec 27 12:00:42 2002
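
Added example, not part of the original post and not Nmap's own code: one way a connect()-based probe can recognise the self-connection described above is to compare the socket's local and peer endpoints before reporting a port as open. The function names and the `bind_same_port` switch are hypothetical; the switch reproduces the condition on demand by binding to a free local port and connecting to that same port, which completes as a self-connection on Linux.

```python
import socket

def is_self_connection(local, peer):
    """True when both ends of a connected socket are the same (addr, port)."""
    return local == peer

def probe(host, port, timeout=1.0, bind_same_port=False):
    """connect()-style probe: returns 'open', 'closed' or 'self-connect'.

    bind_same_port (hypothetical knob for this example): bind to a free
    local port and connect to that same port, forcing the self-connection
    instead of waiting for the kernel to pick the colliding source port.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        if bind_same_port:
            s.bind((host, 0))
            port = s.getsockname()[1]
        s.connect((host, port))
        # A naive scanner would report "open" here. Compare endpoints first.
        if is_self_connection(s.getsockname(), s.getpeername()):
            return "self-connect"
        return "open"
    except OSError:
        return "closed"  # refused, timed out or unreachable
    finally:
        s.close()

if __name__ == "__main__":
    # Constructed demo: a real listener, then the same port with no listener.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    print(port, probe("127.0.0.1", port))   # listener present
    srv.close()
    print(port, probe("127.0.0.1", port))   # no listener any more
    print("forced:", probe("127.0.0.1", 0, bind_same_port=True))
```

With this check, a port that has no listener is never reported as open, even on the rare run where the kernel picks the destination port as the source port.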