SMB port is open when I try to scan the host with shodan, but when I do it with nmap or any other scanner it says that the port is closed or filtered. any explanation?
I tried all the basic firewall evasion techniques with nmap but none of them worked.
Shodan Scan Result:
Hostnames: xxxxxxxxxxxxxx
Number of open ports: 6
Ports:
22/tcp OpenSSH (6.6.1p1 Ubuntu-2ubuntu2.8)
80/tcp nginx (1.4.6)
137/udp
445/tcp Samba (4.3.11-Ubuntu)
8080/tcp Apache Tomcat/Coyote JSP engine (1.1)
8081/tcp
NMAP Scan Result:
Host is up.
PORT STATE SERVICE VERSION
445/tcp filtered microsoft-ds
Shodan is an archive of scan results. The system in question (there is only one on Shodan which matches this output) was scanned on July 9, and may have been taken down, had its IP changed, or been reconfigured since then.
Related
Not sure if this is possible, but I have a Vagrant box running ubuntu 18.04 running in VirtualBox on my macbook. I also have a docker container running on my mac which has a postgres database in it.
I would like to be able to connect from within ubuntu to the database in docker.
My first attempt at this was to add the following to my VagrantFile
config.vm.network "forwarded_port", guest: 5432, host: 5432
However that resulted in the following error:
Vagrant cannot forward the specified ports on this VM, since they
would collide with some other application that is already listening
on these ports. The forwarded port to 5432 is already in use
on the host machine.
To fix this, modify your current project's Vagrantfile to use another
port. Example, where '1234' would be replaced by a unique host port:
config.vm.network :forwarded_port, guest: 5432, host: 1234
Sometimes, Vagrant will attempt to auto-correct this for you. In this
case, Vagrant was unable to. This is usually because the guest machine
is in a state which doesn't allow modifying port forwarding. You could
try 'vagrant reload' (equivalent of running a halt followed by an up)
so vagrant can attempt to auto-correct this upon booting. Be warned
that any unsaved work might be lost.
I understand the error, it makes perfect sense because the host is already listening to port 5432 (or rather the docker/postgres container is). but i don't know how to fix the problem. If i do as suggested and change the host port number it would not work because then I wouldn't be connecting to the right port.
Suggestions?
I figured it out. it's pretty easy actually.
You see, the docker postgres db is availabe at 'localhost' or '127.0.0.1' on the HOST machine, but the HOST machine appears at 10.0.2.2 for some reason to the GUEST machine. All i had to do was point my database connect script to 10.0.2.2 and no extra network config was needed.
I'm struggling configuring mitmproxy on OSX (10.13.1).
pfctl command always returns syntax error when trying to set forwarding rules.
I tried rdr on en2 inet proto tcp to any port 80 -> 127.0.0.1 port 8080
rdr on en2 inet proto tcp to any port 443 -> 127.0.0.1 port 8080
from the official guide as well as similar commands from other resources, but with the same error.
I also get No ALTQ support in kernel
ALTQ related functions disabled even though the firewall is enabled.
Is it some specifics related to the OS version?
Oddly, a newline character is actually required at the end of the config file, and not only will pfctl fail without it, but it also will only tell you "syntax error". (That's what the issue was for me at least.)
Apparently this has been causing grief since at least 2010.
My WAMP server isn't working, when I hover over the orange W icon i get "1 of two services running".
I did the right click on the icon, selected tools, selected test port 80
I got:
***** Test which uses port 80 *****
===== Tested by command netstat filtered on port 80 =====
'find' is not recognized as internal or external command,
operable program or batch file.
Port 80 is not associated with TCP protocol
'find' is not recognized as internal or external command,
operable program or batch file.
Port 80 is not associated with TCP protocol
===== Tested by attempting to open a socket on port 80 =====
Your port 80 is actually used by :
Server: Apache/2.4.17 (Win64) PHP/5.6.16
Press Enter to exit...
Then I tested port 3306 (that is supposed to be used by MySQL if Im not mistaken) in the same way as port 80.
I got:
***** Test which uses port 3306 *****
===== Tested by command netstat filtered on port 3306 =====
'find' is not recognized as internal or external command,
operable program or batch file.
Port 3306 is not associated with TCP protocol
'find' is not recognized as internal or external command,
operable program or batch file.
Port 3306 is not associated with TCP protocol
Press Enter to exit...
I went on the internet in search of a solution, none helped so far. I found some helpfull advice on stackoverflow so I did the folowing few things:
Run cmd in administrator mode.
Went to:
C:\wamp64\bin\apache\apache2.4.17\bin
and run:
httpd.exe -e debug
At the end of the output I got:
H01575: loaded module php5_module from C:/wamp64/bin/php/php5.6.16/php5apache2_4.dll
(OS 10048)Only one usage of each socket adress (protocol/network adress/port) is normally permitted. AH00072: make_sock: could not bind to adress [ : : ]:80
(OS 10048)Only one usage of each socket adress (protocol/network adress/port) is normally permitted. AH00072: make_sock: could not bind to adress 0.0.0.0:80
AH00451: no listening socket avalible, shutting down
AH00015: Unable to open logs
Than I run resmon.exe in Start menu. There I saw that port 80 is used by httpd.exe. When I canged the port of the server to 8080, port 80 (in resmon view) disappeared and 8080 was taken over by httpd.exe. The above output also changed accordingly. Port 3306 was nowhere to be seen.
Iam confused. Is port 80 taken or not? Im geting mixed messages here. Any help would be greatly appreciated or at least a point of direction where to look.
Maybe I should also add that because of this persistant problem I reinstalled my WAMP server. Did not help. Running WAMP as an admin didnt help as well and I do not have Skype on my desktop.
Slana,
I think I had a similar problem with Wamp server in the past. Even though I kept changing localhost port number to 80, 8080, and etc. it did not work. So, this is what I did:
Clicked on the Wamp Server icon.
Apache -> Service -> Remove Service
MySQL -> Service -> Remove Service
Then reinstall both Apache and MySQL service.
Restart the Wamp Server.
Sorry, I wish I could help you more.. I am a beginner in programming and still learning. I hope this helps with fixing the error.
I'm trying to configure eclipse 'hadoop location' MR and DFS hosts and ports, but I get 'connection refused' errors. I have virtual machine manager and node1 in a cloudera setup (from here http://www.spaggiari.org/index.php/hbase/hbase-and-hadoop-with-cloudera#.UiuUjOEyY0g and I use host only networking).
nmap results:
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
node1:
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
8002/tcp open teradataordbms
8021/tcp open ftp-proxy
8888/tcp open sun-answerbook
9000/tcp open cslistener
9010/tcp open sdr
60020/tcp open unknown
I can ping and ssh to them, and cloudera tells me hdfs and map-reduce etc are all running fine.
I have tried all sorts of combinations for the hosts and ports
(using http://www.cloudera.com/content/cloudera-content/cloudera-docs/CM4Free/4.5.4/Configuring-Ports-for-Cloudera-Manager-Free-Edition/cmfecp_topic_3.html)
but keep getting connection refused.
Any help is much appreciated!!!
Run host inspector and try resolving all the errors. Pls post the logs of the connection refused error. I had faced this issue before, and it got resolved when all host inspector errors where cleared(basically conflicts in host file which are multiple alias for same ip, for this make sure hostname comes first)
I am unable to setup remote debugging for my Tomcat 6 web app on Ubuntu 12.04.
I have tried the solutions offered in the following related question:
Remote debugging Tomcat with Eclipse
The highest ranked solution says I should open catalina.sh and change the JPDA_OPTS variable to:
JPDA_OPTS="-agentlib:jdwp=transport=dt_socket,address=8000,server=y,suspend=n"
Then start tomcat using jpda:
catalina.sh jpda start
I checked my app at localhost, port 8000 and got an 'Unable to connect error'.
The next best solution was:
In catalina.bat file please modify the below.
Step 1: CATALINA_OPTS="-Xdebug -Xrunjdwp:transport=dt_socket,address=8000,server=y,suspend=n"
Step 2: JPDA_OPTS="-agentlib:jdwp=transport=dt_socket,address=8000,server=y,suspend=n"
Step 3: Run Tomcat from command prompt like below: catalina.sh jpda start
When I checked localhost, port 8000 I got the same 'Unable to connect error'.
Attempting to connect to the tomcat debugger through Eclipse after both of these
attempts gave me an error:
Failed to connect to remote VM. Connection refused.
Connection refused
This made me think that port 8000 might be closed so I ran an nmap command to show
which ports on my 'localhost' were open. It returned the following:
ryan#ryan-K53E:~$ nmap -v localhost
Starting Nmap 5.21 ( http://nmap.org ) at 2013-04-15 22:12 BST
Initiating Ping Scan at 22:12
Scanning localhost (127.0.0.1) [2 ports]
Completed Ping Scan at 22:12, 0.00s elapsed (1 total hosts)
Initiating Connect Scan at 22:12
Scanning localhost (127.0.0.1) [1000 ports]
Discovered open port 80/tcp on 127.0.0.1
Discovered open port 3306/tcp on 127.0.0.1
Discovered open port 53/tcp on 127.0.0.1
Discovered open port 22/tcp on 127.0.0.1
Discovered open port 8080/tcp on 127.0.0.1
Discovered open port 631/tcp on 127.0.0.1
Completed Connect Scan at 22:12, 0.02s elapsed (1000 total ports)
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00028s latency).
Not shown: 994 closed ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
80/tcp open http
631/tcp open ipp
3306/tcp open mysql
8080/tcp open http-proxy
Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds
This looks to confirm that port 8000 is closed so I defined 'tomcat-debug' as a service in the
'/etc/services' file like so:
tomcat-debug 8000/tcp # Remote tomcat debugging
Then tried to open port 8000 with iptables using the following command:
sudo iptables -A INPUT -p tcp --dport tomcat-debug -j ACCEPT
This doesn't seem to have made a difference as nmap is still showing the same list of open ports as
before. Any help here would be greatly appreciated.
Before checking if port 8000 is reachable form outside (your test with nmap) , have you tried to check if tomcat is listening on port 8000 ?
I'd use sudo netstat -pnl | grep 8000 to get a list of all process listening on port and filter this list for lines containing 8000.
you should receive something like this :
tcp 0 0 127.0.0.1:8000 0.0.0.0:* LISTEN 14236/java
This line tell that the process java (pid 14236) is listening for tcp on localhost(127.0.0.1) port 8000.
You should check that you tomcat process is listening on an external address if you want to connect to from external.