Is there any way to run command after then nmap is scanned port and got positive result if port is open, for every ip address, like - nmap found ip with particular open port (when scanning eg. 192.168.1.0/24 port 554) and run something immediately, then nmap is contiuning to scan. If the port is closed or else, contiune to scan.
The Nmap Scripting Engine was designed for this purpose. You can write a simple script in Lua that will run for every open port (or easily filter to a specific port number or service name). It doesn't run immediately after discovering an open port, but for very large scans, Nmap will alternate between port scanning and running NSE scripts so that you get results in a fairly steady stream.
If you want to run some external program instead, you can write an NSE script that uses the os.execute function to call that program when necessary.
Related
hi I'm running an Ubuntu 20.04.5 server I'm using it for dynamic port forwarding kinda like a vpn but the problem is when I'm downloading something or there is multiple connections ping increases drastically 500ms-1000ms but if I run two tunnels with different users and download from one and test my ping from the other the ping is perfectly fine. I'm wondering if this is a user limit on linux I've tried tunneling with the root user but still when there is the slightest sign of traffic the ping goes above 250ms.
I've tried tuning the tcp and raising open file limits and port range but all to no avail.
We have a system that implements reverse ssh tunnel to enable remote port forwarding.
This enables to expose devices on local network via a Public IP.
However, we're achieving this by a static port allocation, i.e. We've mapped Serial No.s of devices to Ports and each time a request comes to our server with Serial No. , we forward it to the designated port.
Obviously this design isn't scalable and we want to replace it with dynamic port allocation, such that the server itself takes care of allocating the port and freeing it once the device goes offline.
It'd be great to have suggestions on how this can be achieved.
Thanks in anticipation and apologies for my lack of knowledge in case I didn't explain it better (I'm new to this)
This can be solved by using a ssh command script in ~/.ssh/authorized_keys on your server.
command="reverse_server.py" ssh-rsa <publicKey>
First, a client has to connect to the script and send it's own serial (in my case a use the MAC-adress of one NIC).
The server looks into a database and tell the assigned port number or creates a new one for an unknown serial.
In the next step, the client can connect, using the reported port number as reverse port.
Btw. You should add some logic to monitor and recreate the tunnel if it disconnects or get stuck.
Background
I have a .net 4.0 WCF application that listens on net.tcp port 667. (Windows 7 machine)
At some point the application exits ungracefully (the user kills the process, for example).
Now a strange thing happens: The port remains open. When the user re-starts the application, it fails to listen on that port since it's already in use.
The strange thing is that even though the owning process was killed, the OS does not close the port, not even after several hours.
Here are some observations:
On TcpView the process is <non-existent>, the PID belongs to the old (killed) process, and state is LISTENING. Local address is my machine and there are both IPV4 and IPV6 listeners on that port.
"Close Connection" and "End Process" operations on TcpView have no effect on that port.
Process Explorer does not display the old (killed) process. I tried to search-handle for the PID or the port but found nothing.
When running netstat -a -b -n -o the executable involved is displayed as System and local address is 0.0.0.0. Other info is the same as TcpView.
The only way I found to close that port was a system reboot...
Questions
Is there a way to configure the WCF net.tcp Service Host listener to avoid lingering after the process exists ungracefully?
Is there a way to programatically close that port? If there is, my application could first close that port before trying to listen to it.
Is there a utility that could close such "daemon" ports? (since TcpView cannot do that)
Is this an OS bug? Shouldn't the OS keep track of such "daemon" listeners and close them once the process exists?
Is there a way to configure the WCF net.tcp Service Host listener to avoid lingering after the process exists ungracefully?
No, at least not that you should use, but there is a way to tell it to reuse the socket address when it restarts, which makes that unnecessary.
Is there a way to programatically close that port? If there is, my application could first close that port before trying to listen to it.
No. Only the application that opened a port can close it.
Is there a utility that could close such "daemon" ports? (since TcpView cannot do that)
No, see above.
Is this an OS bug? Shouldn't the OS keep track of such "daemon" listeners and close them once the process exists?
All the process's resources including TCP ports should be relased when the process exits. There is an exception in the case of TCP 'ESTABLISHED' ports, which hang around for a couple of minutes for TCP security reasons.
It sounds like there is a sub-process that inherited the socket that is still active.
It happened to me as well, and actually, I found it is those sub-processes that holding the port. My solution is use Process Explorer to search for the Non-existing PID, and kill all the processes list, then the port will be free.
I'm participating in a computer security competition this weekend and I'm trying to make a script that will block an IP address for 5 minutes if I get port scanned. So I decided I could use NCAT and have it execute a iptables script if someone tries to connect to a port I am listening to. The problem is, I don't know how to get the IP address of the client that is connecting. Is this possible to do?
I don't want to use honeypots because they can be detected by many scanners, and any custom scripts I have, I have to write when I'm in the competition room. Can anyone help me out with this?
Thanks
Most portscans won't do a full tcp handshake, they will run a syn scan. So netcat would never recieve a connection. I recommend psad. On debian systems you can get it with:
aptitude install psad
Also, such a question should be asked at https://security.stackexchange.com/
Hi i am creating server/client application using .net.Sockets something like cybercafe software.
Im following this example on codeproject Simple Socket Chat Program
there is no problem i run it on local pc. But when i run the client in the other pc in network i got a problem.
says :
No connection could be made because the target machine actively refused it.
I tried to use netstat -a on cmd and i found out that the portnumbers of all the p.c on our network always changes.
Is there any way to do it without using portnumber and just hostname or ipaddress only.
I need help...
Thanks in Regards
First, the random port numbers under Local Address in netstat are done so that everything gets a unique local port.
Also, a port is necessary for sockets.
The problem you are having is most likely because the firewall where your server software is located is blocking that port. For Windows 7 (and presumably Vista), you can unblock the port by running WF.msc, going to Inbound Rules on the left, clicking New Rule on the right, and adding a new program or port rule. The rest of the steps should be self-explanatory.