---Help me with the problem after port scanning

Do you have a question? Post it now! No Registration Necessary

Translate This Thread From English to

Threaded View
My company is designing a ip phone based ti TMS320C5472 chip. The os
inside is ucLinux. I am use the command "nmap -sT ipphone_ipaddress"
under linux to scan it. The result is that the phone die, the ouput of
namp after long time is as below:
---------------------------------------------------------------
Interesting ports on  (192.168.98.97):
(The 1299 ports scanned but not shown below are in state: filtered)
Port       State       Service
2/tcp      closed      compressnet
13/tcp     closed      daytime
16/tcp     closed      unknown
18/tcp     closed      msp
25/tcp     closed      smtp
38/tcp     closed      rap
39/tcp     closed      rlp
44/tcp     closed      mpm-flags
45/tcp     closed      mpm
46/tcp     closed      mpm-snd
51/tcp     closed      la-maint
55/tcp     closed      isi-gl
64/tcp     closed      covia
67/tcp     closed      dhcp
79/tcp     closed      finger
83/tcp     closed      mit-ml-dev
95/tcp     closed      supdup
101/tcp    closed      hostname
103/tcp    closed      gppitnp
104/tcp    closed      acr-nema
117/tcp    closed      uucp-path
118/tcp    closed      sqlserv
132/tcp    closed      cisco-sys
137/tcp    closed      netbios-ns
141/tcp    closed      emfis-cntl
146/tcp    closed      iso-tp0
150/tcp    closed      sql-net
158/tcp    closed      pcmail-srv
165/tcp    closed      xns-courier
166/tcp    closed      s-net
174/tcp    closed      mailq
185/tcp    closed      remote-kis
187/tcp    closed      aci
196/tcp    closed      dn6-smm-red
198/tcp    closed      dls-mon
199/tcp    closed      smux
206/tcp    closed      at-zis
207/tcp    closed      at-7
208/tcp    closed      at-8
210/tcp    closed      z39.50
212/tcp    closed      anet
224/tcp    closed      unknown
225/tcp    closed      unknown
245/tcp    closed      link
249/tcp    closed      unknown
251/tcp    closed      unknown
252/tcp    closed      unknown
256/tcp    closed      rap
258/tcp    closed      yak-chat
260/tcp    closed      openport
263/tcp    closed      hdap
270/tcp    closed      unknown
272/tcp    closed      unknown
276/tcp    closed      unknown
281/tcp    closed      personal-link
285/tcp    closed      unknown
293/tcp    closed      unknown
297/tcp    closed      unknown
300/tcp    closed      unknown
302/tcp    closed      unknown
304/tcp    closed      unknown
307/tcp    closed      unknown
309/tcp    closed      entrusttime
316/tcp    closed      decauth
318/tcp    closed      unknown
329/tcp    closed      unknown
330/tcp    closed      unknown
331/tcp    closed      unknown
332/tcp    closed      unknown
336/tcp    closed      unknown
337/tcp    closed      unknown
345/tcp    closed      pawserv
348/tcp    closed      csi-sgwp
356/tcp    closed      cloanto-net-1
383/tcp    closed      hp-alarm-mgr
384/tcp    closed      arns
393/tcp    closed      dis
397/tcp    closed      mptn
399/tcp    closed      iso-tsap-c2
408/tcp    closed      prm-sm
423/tcp    closed      opc-job-start
428/tcp    closed      ocs_cmu
431/tcp    closed      utmpcd
434/tcp    closed      mobileip-agent
457/tcp    closed      scohelp
465/tcp    closed      smtps
469/tcp    closed      rcp
486/tcp    closed      sstats
496/tcp    closed      pim-rp-disc
503/tcp    closed      intrinsa
513/tcp    closed      login
518/tcp    closed      ntalk
533/tcp    closed      netwall
539/tcp    closed      apertus-ldp
540/tcp    closed      uucp
560/tcp    closed      rmonitor
566/tcp    closed      streettalk
569/tcp    closed      ms-rome
580/tcp    closed      sntp-heartbeat
582/tcp    closed      scc-security
589/tcp    closed      eyelink
600/tcp    closed      ipcserver
604/tcp    closed      unknown
622/tcp    closed      unknown
623/tcp    closed      unknown
626/tcp    closed      unknown
629/tcp    closed      unknown
630/tcp    closed      unknown
638/tcp    closed      unknown
645/tcp    closed      unknown
654/tcp    closed      unknown
661/tcp    closed      unknown
670/tcp    closed      unknown
677/tcp    closed      unknown
679/tcp    closed      unknown
683/tcp    closed      unknown
691/tcp    closed      resvc
695/tcp    closed      unknown
698/tcp    closed      unknown
699/tcp    closed      unknown
721/tcp    closed      unknown
734/tcp    closed      unknown
735/tcp    closed      unknown
738/tcp    closed      unknown
745/tcp    closed      unknown
748/tcp    closed      ris-cm
767/tcp    closed      phonebook
769/tcp    closed      vid
778/tcp    closed      unknown
797/tcp    closed      unknown
803/tcp    closed      unknown
808/tcp    closed      unknown
816/tcp    closed      unknown
845/tcp    closed      unknown
847/tcp    closed      unknown
848/tcp    closed      unknown
856/tcp    closed      unknown
859/tcp    closed      unknown
866/tcp    closed      unknown
868/tcp    closed      unknown
874/tcp    closed      unknown
880/tcp    closed      unknown
886/tcp    closed      unknown
895/tcp    closed      unknown
898/tcp    closed      unknown
900/tcp    closed      unknown
901/tcp    closed      samba-swat
905/tcp    closed      unknown
906/tcp    closed      unknown
907/tcp    closed      unknown
908/tcp    closed      unknown
912/tcp    closed      unknown
925/tcp    closed      unknown
946/tcp    closed      unknown
947/tcp    closed      unknown
955/tcp    closed      unknown
959/tcp    closed      unknown
962/tcp    closed      unknown
971/tcp    closed      unknown
972/tcp    closed      unknown
979/tcp    closed      unknown
982/tcp    closed      unknown
984/tcp    closed      unknown
992/tcp    closed      telnets
1004/tcp   closed      unknown
1032/tcp   closed      iad3
1067/tcp   closed      instl_boots
1084/tcp   closed      ansoft-lm-2
1109/tcp   closed      kpop
1110/tcp   closed      nfsd-status
1353/tcp   closed      relief
1358/tcp   closed      connlcli
1368/tcp   closed      screencast
1380/tcp   closed      telesis-licman
1415/tcp   closed      dbstar
1418/tcp   closed      timbuktu-srv2
1420/tcp   closed      timbuktu-srv4
1432/tcp   closed      blueberry-lm
1437/tcp   closed      tabula
1442/tcp   closed      cadis-2
1447/tcp   closed      apri-lm
1453/tcp   closed      genie-lm
1465/tcp   closed      pipes
1466/tcp   closed      oceansoft-lm
1471/tcp   closed      csdmbase
1475/tcp   closed      taligent-lm
1486/tcp   closed      nms_topo_serv
1490/tcp   closed      insitu-conf
1522/tcp   closed      rna-lm
1528/tcp   closed      mciautoreg
1529/tcp   closed      support
1544/tcp   closed      aspeclmd
1663/tcp   closed      netview-aix-3
1723/tcp   closed      pptp
1986/tcp   closed      licensedaemon
1991/tcp   closed      stun-p2
2002/tcp   closed      globe
2006/tcp   closed      invokator
2013/tcp   closed      raid-am
2017/tcp   closed      cypress-stat
2018/tcp   closed      terminaldb
2030/tcp   closed      device2
2044/tcp   closed      rimsl
2048/tcp   closed      dls-monitor
2106/tcp   closed      ekshell
2108/tcp   closed      rkinit
2112/tcp   closed      kip
2120/tcp   closed      kauth
2301/tcp   closed      compaqdiag
2430/tcp   closed      venus
2601/tcp   closed      zebra
2627/tcp   closed      webster
3005/tcp   closed      deslogin
3086/tcp   closed      sj3
3141/tcp   closed      vmodem
3264/tcp   closed      ccmail
3306/tcp   closed      mysql
3389/tcp   closed      msrdp
3455/tcp   closed      prsvp
3456/tcp   closed      vat
3462/tcp   closed      track
3900/tcp   closed      udt_os
4557/tcp   closed      fax
4559/tcp   closed      hylafax
5010/tcp   closed      telelpathstart
5232/tcp   closed      sgi-dgl
5301/tcp   closed      hacl-gs
5308/tcp   closed      cfengine
5432/tcp   closed      postgres
5520/tcp   closed      sdlog
5540/tcp   closed      sdreport
5680/tcp   closed      canna
5801/tcp   closed      vnc-1
6005/tcp   closed      X11:5
6007/tcp   closed      X11:7
6110/tcp   closed      softcm
6141/tcp   closed      meta-corp
6144/tcp   closed      statsci1-lm
6145/tcp   closed      statsci2-lm
6147/tcp   closed      montage-lm
6346/tcp   closed      gnutella
6667/tcp   closed      irc
7001/tcp   closed      afs3-callback
7002/tcp   closed      afs3-prserver
7003/tcp   closed      afs3-vlserver
7007/tcp   closed      afs3-bos
8081/tcp   closed      blackice-icecap
8082/tcp   closed      blackice-alerts
8892/tcp   closed      seosload
9991/tcp   closed      issa
22370/tcp  closed      hpnpd
27665/tcp  closed      Trinoo_Master
32777/tcp  closed      sometimes-rpc17
32779/tcp  closed      sometimes-rpc21
32786/tcp  closed      sometimes-rpc25
---------------------------------------------------------------

Somebody can tell me what problem this is. I do this because in the
alpha demo some units died without reason.

Thanks in advance

Bill Zhao



Re: ---Help me with the problem after port scanning
My company is designing a ip phone based ti TMS320C5472 chip. The os
inside is ucLinux. I am use the command "nmap -sT ipphone_ipaddress"
under linux to scan it. The result is that the phone die, the ouput of
namp after long time is as below:
---------------------------------------------------------------
Interesting ports on  (192.168.98.97):
(The 1299 ports scanned but not shown below are in state: filtered)
Port       State       Service
2/tcp      closed      compressnet
13/tcp     closed      daytime
16/tcp     closed      unknown
18/tcp     closed      msp
25/tcp     closed      smtp
38/tcp     closed      rap
39/tcp     closed      rlp
44/tcp     closed      mpm-flags
45/tcp     closed      mpm
46/tcp     closed      mpm-snd
51/tcp     closed      la-maint
55/tcp     closed      isi-gl
64/tcp     closed      covia
67/tcp     closed      dhcp
79/tcp     closed      finger
83/tcp     closed      mit-ml-dev
95/tcp     closed      supdup
101/tcp    closed      hostname
103/tcp    closed      gppitnp
104/tcp    closed      acr-nema
117/tcp    closed      uucp-path
118/tcp    closed      sqlserv
132/tcp    closed      cisco-sys
137/tcp    closed      netbios-ns
141/tcp    closed      emfis-cntl
146/tcp    closed      iso-tp0
150/tcp    closed      sql-net
158/tcp    closed      pcmail-srv
165/tcp    closed      xns-courier
166/tcp    closed      s-net
174/tcp    closed      mailq
185/tcp    closed      remote-kis
187/tcp    closed      aci
196/tcp    closed      dn6-smm-red
198/tcp    closed      dls-mon
199/tcp    closed      smux
206/tcp    closed      at-zis
207/tcp    closed      at-7
208/tcp    closed      at-8
210/tcp    closed      z39.50
212/tcp    closed      anet
224/tcp    closed      unknown
225/tcp    closed      unknown
245/tcp    closed      link
249/tcp    closed      unknown
251/tcp    closed      unknown
252/tcp    closed      unknown
256/tcp    closed      rap
258/tcp    closed      yak-chat
260/tcp    closed      openport
263/tcp    closed      hdap
270/tcp    closed      unknown
272/tcp    closed      unknown
276/tcp    closed      unknown
281/tcp    closed      personal-link
285/tcp    closed      unknown
293/tcp    closed      unknown
297/tcp    closed      unknown
300/tcp    closed      unknown
302/tcp    closed      unknown
304/tcp    closed      unknown
307/tcp    closed      unknown
309/tcp    closed      entrusttime
316/tcp    closed      decauth
318/tcp    closed      unknown
329/tcp    closed      unknown
330/tcp    closed      unknown
331/tcp    closed      unknown
332/tcp    closed      unknown
336/tcp    closed      unknown
337/tcp    closed      unknown
345/tcp    closed      pawserv
348/tcp    closed      csi-sgwp
356/tcp    closed      cloanto-net-1
383/tcp    closed      hp-alarm-mgr
384/tcp    closed      arns
393/tcp    closed      dis
397/tcp    closed      mptn
399/tcp    closed      iso-tsap-c2
408/tcp    closed      prm-sm
423/tcp    closed      opc-job-start
428/tcp    closed      ocs_cmu
431/tcp    closed      utmpcd
434/tcp    closed      mobileip-agent
457/tcp    closed      scohelp
465/tcp    closed      smtps
469/tcp    closed      rcp
486/tcp    closed      sstats
496/tcp    closed      pim-rp-disc
503/tcp    closed      intrinsa
513/tcp    closed      login
518/tcp    closed      ntalk
533/tcp    closed      netwall
539/tcp    closed      apertus-ldp
540/tcp    closed      uucp
560/tcp    closed      rmonitor
566/tcp    closed      streettalk
569/tcp    closed      ms-rome
580/tcp    closed      sntp-heartbeat
582/tcp    closed      scc-security
589/tcp    closed      eyelink
600/tcp    closed      ipcserver
604/tcp    closed      unknown
622/tcp    closed      unknown
623/tcp    closed      unknown
626/tcp    closed      unknown
629/tcp    closed      unknown
630/tcp    closed      unknown
638/tcp    closed      unknown
645/tcp    closed      unknown
654/tcp    closed      unknown
661/tcp    closed      unknown
670/tcp    closed      unknown
677/tcp    closed      unknown
679/tcp    closed      unknown
683/tcp    closed      unknown
691/tcp    closed      resvc
695/tcp    closed      unknown
698/tcp    closed      unknown
699/tcp    closed      unknown
721/tcp    closed      unknown
734/tcp    closed      unknown
735/tcp    closed      unknown
738/tcp    closed      unknown
745/tcp    closed      unknown
748/tcp    closed      ris-cm
767/tcp    closed      phonebook
769/tcp    closed      vid
778/tcp    closed      unknown
797/tcp    closed      unknown
803/tcp    closed      unknown
808/tcp    closed      unknown
816/tcp    closed      unknown
845/tcp    closed      unknown
847/tcp    closed      unknown
848/tcp    closed      unknown
856/tcp    closed      unknown
859/tcp    closed      unknown
866/tcp    closed      unknown
868/tcp    closed      unknown
874/tcp    closed      unknown
880/tcp    closed      unknown
886/tcp    closed      unknown
895/tcp    closed      unknown
898/tcp    closed      unknown
900/tcp    closed      unknown
901/tcp    closed      samba-swat
905/tcp    closed      unknown
906/tcp    closed      unknown
907/tcp    closed      unknown
908/tcp    closed      unknown
912/tcp    closed      unknown
925/tcp    closed      unknown
946/tcp    closed      unknown
947/tcp    closed      unknown
955/tcp    closed      unknown
959/tcp    closed      unknown
962/tcp    closed      unknown
971/tcp    closed      unknown
972/tcp    closed      unknown
979/tcp    closed      unknown
982/tcp    closed      unknown
984/tcp    closed      unknown
992/tcp    closed      telnets
1004/tcp   closed      unknown
1032/tcp   closed      iad3
1067/tcp   closed      instl_boots
1084/tcp   closed      ansoft-lm-2
1109/tcp   closed      kpop
1110/tcp   closed      nfsd-status
1353/tcp   closed      relief
1358/tcp   closed      connlcli
1368/tcp   closed      screencast
1380/tcp   closed      telesis-licman
1415/tcp   closed      dbstar
1418/tcp   closed      timbuktu-srv2
1420/tcp   closed      timbuktu-srv4
1432/tcp   closed      blueberry-lm
1437/tcp   closed      tabula
1442/tcp   closed      cadis-2
1447/tcp   closed      apri-lm
1453/tcp   closed      genie-lm
1465/tcp   closed      pipes
1466/tcp   closed      oceansoft-lm
1471/tcp   closed      csdmbase
1475/tcp   closed      taligent-lm
1486/tcp   closed      nms_topo_serv
1490/tcp   closed      insitu-conf
1522/tcp   closed      rna-lm
1528/tcp   closed      mciautoreg
1529/tcp   closed      support
1544/tcp   closed      aspeclmd
1663/tcp   closed      netview-aix-3
1723/tcp   closed      pptp
1986/tcp   closed      licensedaemon
1991/tcp   closed      stun-p2
2002/tcp   closed      globe
2006/tcp   closed      invokator
2013/tcp   closed      raid-am
2017/tcp   closed      cypress-stat
2018/tcp   closed      terminaldb
2030/tcp   closed      device2
2044/tcp   closed      rimsl
2048/tcp   closed      dls-monitor
2106/tcp   closed      ekshell
2108/tcp   closed      rkinit
2112/tcp   closed      kip
2120/tcp   closed      kauth
2301/tcp   closed      compaqdiag
2430/tcp   closed      venus
2601/tcp   closed      zebra
2627/tcp   closed      webster
3005/tcp   closed      deslogin
3086/tcp   closed      sj3
3141/tcp   closed      vmodem
3264/tcp   closed      ccmail
3306/tcp   closed      mysql
3389/tcp   closed      msrdp
3455/tcp   closed      prsvp
3456/tcp   closed      vat
3462/tcp   closed      track
3900/tcp   closed      udt_os
4557/tcp   closed      fax
4559/tcp   closed      hylafax
5010/tcp   closed      telelpathstart
5232/tcp   closed      sgi-dgl
5301/tcp   closed      hacl-gs
5308/tcp   closed      cfengine
5432/tcp   closed      postgres
5520/tcp   closed      sdlog
5540/tcp   closed      sdreport
5680/tcp   closed      canna
5801/tcp   closed      vnc-1
6005/tcp   closed      X11:5
6007/tcp   closed      X11:7
6110/tcp   closed      softcm
6141/tcp   closed      meta-corp
6144/tcp   closed      statsci1-lm
6145/tcp   closed      statsci2-lm
6147/tcp   closed      montage-lm
6346/tcp   closed      gnutella
6667/tcp   closed      irc
7001/tcp   closed      afs3-callback
7002/tcp   closed      afs3-prserver
7003/tcp   closed      afs3-vlserver
7007/tcp   closed      afs3-bos
8081/tcp   closed      blackice-icecap
8082/tcp   closed      blackice-alerts
8892/tcp   closed      seosload
9991/tcp   closed      issa
22370/tcp  closed      hpnpd
27665/tcp  closed      Trinoo_Master
32777/tcp  closed      sometimes-rpc17
32779/tcp  closed      sometimes-rpc21
32786/tcp  closed      sometimes-rpc25
---------------------------------------------------------------

Somebody can tell me what problem this is. I do this because in the
alpha demo some units died without reason.

Thanks in advance

Bill Zhao




Re: ---Help me with the problem after port scanning
Hi Bill
 > I am use the command "nmap -sT ipphone_ipaddress"
Quoted text here. Click to load it
Are you saying the phone dies when you run nmap ?

Quoted text here. Click to load it
What led you to believe this was caused by people port-scanning them?

All the ports are closed or filtered, it seems strange that any daemon/servers
running on the phone could therefore make it die.



--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Damion de Soto - Software Engineer  email:     snipped-for-privacy@snapgear.com
We've slightly trimmed the long signature. Click to see the full one.
Re: ---Help me with the problem after port scanning

??????: snipped-for-privacy@snapgear.com...
Quoted text here. Click to load it
I thought that some there are virus-infected and send out bad packets.
Quoted text here. Click to load it
daemon/servers
Quoted text here. Click to load it



Re: ---Help me with the problem after port scanning

Quoted text here. Click to load it
--- snip snip ---
Quoted text here. Click to load it

The phone IP stack may get overloaded due to the port scan. Experiment with
the nmap timing.

The closed/filtered decision is made so that a port sending nothing is
filtered and a port sending RST is closed. Ignoring an uninvited SYN may be
less of load for the IP stack, as no responses are sent (though this is not
regarded as neat behaviour).

HTH

Tauno Voipio
tauno voipio @ iki fi





Re: ---Help me with the problem after port scanning

:xpHCb.383$ snipped-for-privacy@read3.inet.fi...
Quoted text here. Click to load it
with
overload is correct. I scan using -p portrange step by step. the phone stand
this.
the service ports can be showed normally. Somebody else in my company repeat
my scan
by the inside-vmware linux, no this problem happen.
Quoted text here. Click to load it
be
not
How to ignoring an uninvited SUN packets ?
Quoted text here. Click to load it



Site Timeline