Page 1 of 1
CentOS 8 and Nmap.
Posted: 2020/06/26 12:01:09
by hack3rcon
Hello,
I scanned the CentOS 8 by Nmap:
Code: Select all
# nmap -sS -sU -T4 -A -v -PE -PP -PS80,443 -PA3389 -PU40125 -PY -g 53 --script "default or (discovery and safe)" IP
The result is :
- nmappp.png (108.84 KiB) Viewed 2882 times
Is it not odd?
Thank you.
Re: CentOS 8 and Nmap.
Posted: 2020/06/26 12:07:26
by TrevorH
You appear to either have no firewall active or you ran this scan from the same machine that you were scanning (which bypasses the firewall entirely).
Re: CentOS 8 and Nmap.
Posted: 2020/06/26 12:28:21
by hack3rcon
TrevorH wrote: ↑2020/06/26 12:07:26
You appear to either have no firewall active or you ran this scan from the same machine that you were scanning (which bypasses the firewall entirely).
Firewall service? The firewalld enabled.
Re: CentOS 8 and Nmap.
Posted: 2020/06/26 13:59:24
by TrevorH
And where did you run it from?
Re: CentOS 8 and Nmap.
Posted: 2020/06/26 14:19:48
by hack3rcon
TrevorH wrote: ↑2020/06/26 13:59:24
And where did you run it from?
The server is a local with a local and a public IP.
I scanned the public IP.
Re: CentOS 8 and Nmap.
Posted: 2020/06/26 15:14:17
by TrevorH
You still didn't answer the question. From where did you scan the public ip?
Re: CentOS 8 and Nmap.
Posted: 2020/06/28 15:55:08
by hack3rcon
I scanned it from the local network.
When I scanned its public IP then my packets must going to it from the outside network!!!
Re: CentOS 8 and Nmap.
Posted: 2020/06/28 19:42:14
by jlehtone
hack3rcon wrote: ↑2020/06/28 15:55:08
When I scanned its public IP then my packets must going to it from the outside network!!!
Why do you think so?
Do you have two machines that both have two interface (one local, one public)? Is one the server and another a router?
In that case your scanner would send packets to the router and the router would forward them from router's public to server's public.
If not, then your assumption does not hold.
Re: CentOS 8 and Nmap.
Posted: 2020/07/01 09:00:37
by hack3rcon
My PC is in a difference VLAN and my server have special NICs for internal and external networks. I guess it is because of Firewalld. It allowing all packets.
Code: Select all
$ sudo firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens192
sources:
services: ssh
ports: 80/tcp 443/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
Re: CentOS 8 and Nmap.
Posted: 2020/07/01 13:28:35
by jlehtone
That shows only the default zone's status.
man firewall-cmd wrote:[--permanent] [--zone=zone] --list-all
List everything added for or enabled in zone. If zone is omitted, default zone will be used.
That zone (public) does not seem to have any custom icmp-block rules. Is the ens192 even on the "external"?
difference VLAN
In other words you have at least three networks?
* internal
* external
* difference
How does the "difference" connect to the "external"?