
    Nmap scan on WAN reveals captive portal

      Sifter last edited by

      My captive portal is running on OPT1, which has a wireless router plugged into it.  The interface is not bridged with any other interface.  When I perform an nmap scan of my WAN, port 8000 shows up.  Is this right?

      Running a full HD ver. RELENG_1_SNAPSHOT_03-19-2006 built on Sat Mar 18 01:47:08 UTC 2006

        sullrich last edited by

        It should not be happening.

        PF rules take priority over ipfw which the captive portal uses.

        I would double check your wan rules.

          Sifter last edited by

          Starting Nmap 4.01 ( http://www.insecure.org/nmap ) at 2006-03-23 22:43 Pacific Standard Time
          Warning:  OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
          Insufficient responses for TCP sequencing (0), OS detection may be less accurate

          Insufficient responses for TCP sequencing (0), OS detection may be less accurate

          Interesting ports on noip.or.comcast.net (67.171.1X.X):
          (The 1663 ports scanned but not shown below are in state: filtered)
          PORT    STATE SERVICE
          21/tcp  open  ftp
          53/tcp  open  domain
          80/tcp  open  http
          81/tcp  open  hosts2-ns
          443/tcp  open  https
          444/tcp  open  snpp
          1723/tcp open  pptp
          3000/tcp open  ppp
          8000/tcp open  http-alt
          Device type: general purpose
          Running (JUST GUESSING) : OpenBSD 3.X (93%), FreeBSD 5.X|4.x (92%), Linux 2.6.X (87%), Microsoft Windows NT/2K/XP|2003/.NET (86%), IBM AIX 4.X (85%)
          Aggressive OS guesses: OpenBSD 3.6 (93%), OpenBSD 3.7 (93%), FreeBSD 5.3 (92%), DragonFly 1.1-Stable (FreeBSD-4 fork) (87%), Linux 2.6.10 (87%), Linux 2.6.7 (87%), OpenBSD 3.3 x86 with pf "scrub in all" (87%), OpenBSD 3.5 or 3.6 (87%), FreeBSD 5.2 - 5.4 (86%), FreeBSD 5.4 (86%)
          No exact OS matches for host (test conditions non-ideal).

          Nmap finished: 1 IP address (1 host up) scanned in 29.142 seconds

          I have ports 21, 80, 81, 443, and 444 forwarded on the WAN.  Interesting that the others show up.

            sullrich last edited by

            Well it appears that either your filter is not loaded at all or you have a pass any rule on wan.

              Sifter last edited by

                sullrich last edited by

                Never heard of a source of 12.18:

                Is this something new that I should be aware of?

                  Sifter last edited by

                  I photoshopped half that IP address out.  12.18.X.X

                    sullrich last edited by

                    Run a pfctl -f /tmp/rules.debug and see if you get an error.

                      Sifter last edited by

                      pfctl -f /tmp/rules.debug

                      returns no errors.

                        sullrich last edited by

                        Just nmapped our captive portal here… And it's not doing this.

                        nmap -P0 10.0.0.80

                        Starting nmap 3.93 ( http://www.insecure.org/nmap/ ) at 2006-03-24 12:49 EST
                        All 1668 scanned ports on 10.0.0.80 are: filtered
                        MAC Address: 00:00:24:C1:F7:71 (Connect AS)

                        Nmap finished: 1 IP address (1 host up) scanned in 36.169 seconds

                        1 Reply Last reply Reply Quote 0
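
Added example, not part of any post in this thread: a small Python check that diffs an nmap port table against the ports that are meant to be forwarded on WAN, so anything extra (here 53, 1723, 3000 and 8000) stands out. The port table and the forwarded set are taken from the posts above; the host address 192.0.2.1 and the function names are constructed for illustration.

```python
import re

# Ports the poster says are forwarded on WAN (from the thread).
EXPECTED_WAN_TCP = {21, 80, 81, 443, 444}

# Matches nmap "normal" output rows such as "8000/tcp open  http-alt".
PORT_LINE = re.compile(r"^\s*(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

# Port table copied from the WAN scan in the thread; the host line uses a
# documentation address (constructed).
SAMPLE_WAN_SCAN = """\
Interesting ports on 192.0.2.1:
(The 1663 ports scanned but not shown below are in state: filtered)
PORT    STATE SERVICE
21/tcp  open  ftp
53/tcp  open  domain
80/tcp  open  http
81/tcp  open  hosts2-ns
443/tcp  open  https
444/tcp  open  snpp
1723/tcp open  pptp
3000/tcp open  ppp
8000/tcp open  http-alt
"""

# Shape of the second scan in the thread, where no port table is printed.
SAMPLE_FILTERED_SCAN = "All 1668 scanned ports on 10.0.0.80 are: filtered\n"


def open_ports(nmap_text, proto="tcp"):
    """Return {port: service} for ports nmap reports as open."""
    found = {}
    for line in nmap_text.splitlines():
        m = PORT_LINE.match(line)
        if m and m.group(2) == proto and m.group(3) == "open":
            found[int(m.group(1))] = m.group(4)
    return found


def audit(nmap_text, expected):
    """Compare a scan against the intended exposure on the interface."""
    seen = open_ports(nmap_text)
    return {
        "unexpected": {p: s for p, s in seen.items() if p not in expected},
        "missing": sorted(expected - set(seen)),
    }


if __name__ == "__main__":
    for name, text in (("wan", SAMPLE_WAN_SCAN), ("filtered", SAMPLE_FILTERED_SCAN)):
        print(name, audit(text, EXPECTED_WAN_TCP))
```

A non-empty `unexpected` result is the cue to review the WAN rules; `missing` lists forwards that did not answer the scan.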