Ubuntu Security :: HOW TO Installing NMap 5.20 In X64
Jan 22, 2010
If you have been trying to compile & install the new NMAP 5.20 scanning utility as a 64 bit user, you may have run into some issues as I did... The compiler will halt when you attempt to 'make', saying that you need to recompile using -fPIC. The fix: "./configure CXXFLAGS=-fPIC CFLAGS=-fPIC LPFLAGS=-fPIC" then rerun "make". I hope this helps someone, as it took me way longer than it should have to get this going. Enjoy the new version, as it is supposed to have 10,000 updated OS detection signatures and new scripts!
I wouldn't call myself paranoid, but I do try to keep reasonably secure on my home network (WPA encryption, router firewall, etc.). I also occasionally use nmap to make sure I don't see any unknown computers logged into my network. The problem is I have five computers that all use DHCP on the network and they are not all up all of the time. At most, there are two to three online at any one time.
So, my question is: Do any of the IP addresses remain in the router's database for a computer that has gone offline (shutdown)?
The reason for my question is that today I ran nmap on my home network and noted an IP address that was not currently up on the network. It is, however, an address that is frequently assigned to one of the computers when it is online, but that address was not up at the time I ran nmap. Just trying to make sure my network is not being used by some nearby computer.
A scan on my computer reported as up many local IPs which simply do not exist in my network. This host is supposed to have IP 192.168.0.4, but all the other IPs should not be there. I have a USB modem connected to a Linux box, itself connected to a Wi-Fi Linksys router, and that's it.
# nmap -sP '192.168.*.*' | grep -v down
Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2010-11-18 21:46 CET
Host 192.168.0.4 appears to be up.
Host 192.168.7.27 appears to be up.
Host 192.168.10.0 appears to be up.
Are there any possible options to achieve this w/ the 2.6.34 kernel? I know Windows can do this w/ a button and BSD can drop packets when connected to closed ports... is IP personality usable in 2.6? Do I need work-arounds? Any more options?? Currently I've managed to @%#$ my OS fingerprints so results won't show as Linux.4/2.6...etc, but the problem is... instead it's got the word "Redhat" in it (which is, well... worse... because now, if someone looks at my machine, he/she'll know I am on either RHEL/Fedora).
I am trying to understand why, when running nmap against a SonicWALL firewall at a remote location, the SonicWall firewall is saying that most of its 65535 ports are open? I know this can't be correct and remember reading about how some of these network appliances are set up this way to thwart off attacks.
I am having a problem downloading and installing the nmap network scanner program on my Fedora 10 machine... Can anybody help me with where I can download and install nmap using the command line or an SSH session on my Fedora machine?
I just installed Ubuntu on a desktop. Can anyone give me some guidance on installing basic security software? In particular, I'm looking for a firewall, antivirus, and anti-spyware/malware utilities.
I'm concerned about security of having a LAMP server on my laptop as having any server makes the system less secure. However, if I were to create a new partition and install a lamp server on that and only use it when offline, would the security of my main partition be affected at all?
With an Ubuntu 10.10 upgraded from 10.04, under Software Sources, Updates, there is a radio button marked "Install security updates without confirmation." I have this radio button marked, but still get "Important security updates" almost daily in my update manager. I don't remember this feature actually ever working.
Hopefully Ody has found a result in the 5 years since he posted this question. For anyone else looking for an answer, an NMAP scan for a range of individual IPs can be done using the '-', for example: (this is accurate as of 2010, actual results have been altered to match OP's address range)
$ nmap -sP 192.168.0.1-14
Starting Nmap 5.00 ( http://nmap.org ) at 2010-12-22 09:55
Interesting ports on 192.168.0.1:
Not shown: 999 closed ports
PORT STATE SERVICE
80/tcp open http

Interesting ports on 192.168.0.2
Not shown: 999 closed ports
PORT STATE SERVICE
80/tcp open http

Interesting ports on 192.168.0.3:
Not shown: 999 closed ports
PORT STATE SERVICE
80/tcp open http

Nmap done: 14 IP addresses (3 hosts up) scanned in 8.08 seconds
I have an old version of nmap:
root@bt:~# nmap --version
nmap version 5.35DC1 ( http://nmap.org )
I downloaded a new version, but before I install it, is there a way to upgrade the old one on my system? Or do I need to uninstall the old version and install the new version? I tried this:
root@bt:~# yum upgrade nmap
Setting up Upgrade Process
Could not find update match for nmap
No Packages marked for Update
root@bt:~#
I have been trying to configure an MTA (sendmail) on a new Debian installation to receive system messages and local network mail. I have no need to fetch or relay mail outside my teeny LAN. The logs on the sending machine told me the mails were refused by the receiving (Debian Lenny) system. So I ran some quick nmap scans. From the sending machine, scanning the Debian machine:
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
From the Debian machine, running 'nmap localhost':
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
111/tcp open rpcbind
587/tcp open submission
From the Debian machine, running 'nmap debian' (this is a virtual machine named debian):
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
Why the two different results? How do I get the scans to be the same so I can, eventually, configure an MTA?
Since I no longer have access to a spare machine to actually test this out on, I was hoping some kind soul might know the answer, or be willing to try it out for me. I'm trying to find out if the port scanner nmap can detect two different services which are sharing a single port. For instance, if I'd managed to set up, I dunno, a web server and an ftp server to both run over the same port, would nmap with version detection be able to detect both of them, or just one?
I'm not too sure if this is the right topic to post in but if it isn't please move it to the correct topic. I recently opened some ports for my Playstation 3 and the connection test on the PS3 tells me that the ports are open. But when I execute this command
nmap -p 0-60000 192.168.1.5
I get this
Quote:
Starting Nmap 5.21 ( http://nmap.org ) at 2010-10-16 20:54 AUS Eastern Daylight Time
Nmap scan report for PS3 (192.168.1.5)
Host is up (0.00063s latency).
All 60001 scanned ports on PS3 (192.168.1.5) are closed
MAC Address: **:**:**:**:**:** (Sony Computer Entertainment)

Nmap done: 1 IP address (1 host up) scanned in 4.12 seconds
I could be executing the wrong command or something but I have read through the manual and couldn't find anything that helped. I have tried this command on other machines that I have opened ports for and get similar results except for a few Ephemeral ports (80,443 etc.) which also makes me wonder why these aren't listed as open on the PS3?
I scanned my home machine (Windows Vista) with Nmap after disabling the firewall, and all ports came back with the status as unknown (No Open Ports). Why are no ports showing as open?
I want to identify all the computers on my LAN that have port 80 open. So I want to scan an IP range (192.168.0-255.0-255) and have Nmap print onto the screen all the IP addresses it scanned that are accepting connections on port 80. How do I do this?
I'm currently doing some experiments with nmap in a Backtrack 5 VM environment. I am currently at a cafeteria and I'm connected to the (open :S) network at the shop with my Windows machine. In the BT VM I'm trying to scan my Windows machine (with another network adapter) but I'm getting unexpected results:
nmap -A Aggressive -sS -O 10.236.xxx.xxx
Starting Nmap 5.51 ( http://nmap.org ) at 2011-07-09 12:11 CDT
Nmap scan report for Aggressive (67.215.xxx.xxx)
Host is up (0.17s latency).
rDNS record for 67.215.xxx.xxx: hit-nxdomain.opendns.com
Not shown: 999 filtered ports
PORT STATE SERVICE VERSION
80/tcp open http lighttpd 1.4.19
|_http-methods: No Allow or Public header in OPTIONS response (status code 302)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.9, Linux 2.6.9 - 2.6.30
Network Distance: 1 hop
TRACEROUTE (using port 80/tcp)
HOP RTT ADDRESS
1 14.97 ms hit-nxdomain.opendns.com (67.215.xxx.xxx)
10.236.xxx.xxx is my Windows machine but another machine in the network (67.215.xxx.xxx) is currently replying to my nmap scanning.
I am running a scan via nmap (nmap -sP) and the output looks similar to this:
Nmap scan report for x.y.z.com (10.x.x.x)
Nmap scan report for 10.x.x.x
If it can resolve the hostname it does, if not it just spits out the IP. I would like to know the best syntax to use with cut, or awk, so that the only output is either the IP or IP - HOSTNAME.
Strange issue here when trying to verify firewall on Server 8.04. No ftp service running at all on server, but both nmap and netcat report port 21 as being open, even though it isn't. I am 100% sure that port 21 is not actually accessible and iptables rules are fine. Trying to connect to the port fails, yet nmap and netcat seem to report a "false positive"? Have also checked on a number of other servers I'm running, and this "false positive" seems to apply to all of them.
I just finished installing and configuring 'TOR' to work in conjunction with 'Polipo' and then I realized I forgot to install Vidalia. Am I still able to install Vidalia so I am able to access the GUI to get a visual on what is going on? Or will it interfere with the TOR/Polipo team?
Can anyone advise on the best practice for installing and setting up iptables on U 8.04 LTS? Currently iptables is neither installed as a package nor included as a kernel module.
Long time lurker, first time posting. I've been using Ubuntu for the last 2 years, since my Vista went kaput, mainly for browsing/word editing. Never had any problem until this morning. Any ideas? Should I do a clean reinstall, like a good Windows user, or maybe upgrade to 9.10 and hope this error goes away, or even completely ignore this package and go on with my life?