---Help me with the problem after port scanning

My company is designing an IP phone based on the TI TMS320C5472 chip. The OS inside is uClinux. I am using the command "nmap -sT ipphone_ipaddress" under Linux to scan it. The result is that the phone dies; the output of nmap after a long time is as below:

---------------------------------------------------------------
Interesting ports on (192.168.98.97):
(The 1299 ports scanned but not shown below are in state: filtered)
Port State Service


---------------------------------------------------------------

Can somebody tell me what problem this is? I did this because in the alpha demo some units died without reason.

Thanks in advance

Bill Zhao

Reply to
Bill Zhao

Hi Bill

> I am use the command "nmap -sT ipphone_ipaddress"

Are you saying the phone dies when you run nmap?

What led you to believe this was caused by people port-scanning them?

All the ports are closed or filtered; it seems strange that any daemons/servers running on the phone could therefore make it die.

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Damion de Soto - Software Engineer  email:     damion@snapgear.com
SnapGear - A CyberGuard Company ---    ph:         +61 7 3435 2809
  | Custom Embedded Solutions          fax:         +61 7 3891 3630
  | and Security Appliances            web: http://www.snapgear.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  ---  Free Embedded Linux Distro at   http://www.snapgear.org  ---
Reply to
Damion de Soto

--- snip snip ---

The phone IP stack may get overloaded due to the port scan. Experiment with the nmap timing.

The closed/filtered decision is made so that a port sending nothing is filtered and a port sending RST is closed. Ignoring an uninvited SYN may be less of a load for the IP stack, as no responses are sent (though this is not regarded as neat behaviour).

HTH

Tauno Voipio tauno voipio @ iki fi

Reply to
Tauno Voipio
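
The closed/filtered decision described above, seen from the scanning side of a connect scan, as an added Python example that is not part of the original thread. The function names and the loopback-only demo are constructed for illustration; `replies_sent` counts the probes a target had to answer, which is the load difference between sending RST and silently dropping the SYN.

```python
import socket
import time

def classify(exc):
    """Map a connect() outcome to the state a TCP connect scan reports."""
    if exc is None:
        return "open"        # three-way handshake completed
    if isinstance(exc, ConnectionRefusedError):
        return "closed"      # target answered the SYN with RST
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered"    # SYN was silently ignored, nothing came back
    raise exc                # anything else is a local or routing error

def probe(host, port, timeout=1.0):
    """Attempt one full TCP connect and classify the result."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return classify(None)
    except OSError as exc:
        return classify(exc)
    finally:
        sock.close()

def paced_probe(host, ports, delay=0.05, timeout=1.0):
    """Probe ports one at a time, pausing between them to limit target load."""
    states = {}
    for port in ports:
        states[port] = probe(host, port, timeout)
        time.sleep(delay)
    return states

def replies_sent(states):
    """Count probes the target had to answer (SYN/ACK or RST)."""
    return sum(1 for state in states.values() if state != "filtered")

if __name__ == "__main__":
    # Constructed demo against loopback only: one listener, then the same
    # port again after the listener has been closed.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    print(port, probe("127.0.0.1", port))
    listener.close()
    print(port, probe("127.0.0.1", port))
    print(replies_sent({2: "closed", 80: "open", 81: "filtered"}))
```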

"Tauno Voipio" wrote in message news:xpHCb.383$ snipped-for-privacy@read3.inet.fi...


Overload is correct. I scanned using -p portrange step by step. The phone stands this. The service ports can be shown normally. Somebody else in my company repeated my scan from a Linux running inside VMware, and this problem did not happen.

How to ignore uninvited SYN packets?

Reply to
Bill Zhao

"Damion de Soto" wrote in message news: snipped-for-privacy@snapgear.com...

I thought that some there are virus-infected and send out bad packets.

Reply to
Bill Zhao
