Default OS X 10.6 nmap results

I wanted to see what the default results of an OS X 10.6 computer was when scanned using nmap. The scan performed was -sS -PN. I did two tests and got different results:

test 1:

PORT      STATE    SERVICE
13/tcp    filtered daytime
32/tcp    filtered unknown
82/tcp    filtered xfer
88/tcp    open     kerberos-sec
366/tcp   filtered odmr
427/tcp   filtered svrloc
464/tcp   filtered kpasswd5
548/tcp   open     afp
981/tcp   filtered unknown
1023/tcp  filtered netvenuechat
1057/tcp  filtered unknown
1163/tcp  filtered unknown
1433/tcp  filtered ms-sql-s
2000/tcp  filtered callbook
2126/tcp  filtered unknown
2251/tcp  filtered unknown
2605/tcp  filtered bgpd
3766/tcp  filtered unknown
6699/tcp  filtered napster
8001/tcp  filtered unknown
9050/tcp  filtered tor-socks
10001/tcp filtered unknown
15000/tcp filtered hydap
20005/tcp filtered btx
20221/tcp filtered unknown
49165/tcp filtered unknown
52869/tcp filtered unknown

Test 2:

PORT    STATE SERVICE
88/tcp  open  kerberos-sec
548/tcp open  afp

I am trying to figure out what I got the first set of results… I have not been able to duplicate these results and they were unexpected.

update:  I tried resetting pram/nvram and shut the computer down, but have still not been able to reproduce the first scan.

update 2:  On my last attempt I got the following:

Not shown: 973 closed ports
PORT      STATE    SERVICE
88/tcp    open     kerberos-sec
544/tcp   filtered kshell
548/tcp   open     afp
880/tcp   filtered unknown
1055/tcp  filtered ansyslmd
1078/tcp  filtered unknown
1095/tcp  filtered unknown
1718/tcp  filtered unknown
1801/tcp  filtered unknown
1875/tcp  filtered unknown
2968/tcp  filtered unknown
3017/tcp  filtered unknown
3031/tcp  filtered unknown
3914/tcp  filtered unknown
5050/tcp  filtered mmcc
6000/tcp  filtered X11
7911/tcp  filtered unknown
7999/tcp  filtered unknown
8022/tcp  filtered unknown
9999/tcp  filtered abyss
10621/tcp filtered unknown
15000/tcp filtered hydap
18988/tcp filtered unknown
31337/tcp filtered Elite
45100/tcp filtered unknown
49400/tcp filtered compaqdiag
50002/tcp filtered iiimsf

All subsequent attempts have gone back to the normal results that I got the in second scan posted above. The OS X firewall is off. The MAC address reported is the same. I am still trying to piece together the results, but beginning to wonder if one of the possibilities is a man in the middle scenario.

This entry was posted in FOSS, Linux. Bookmark the permalink.

3 Responses to Default OS X 10.6 nmap results

  1. Mez says:

    That kind of thing tends to happen when some sort of “port scanner” detection kicks in.

    It’ll then set the firewall to respond differently – you should have checked the “Not Shown: XXX (closed|filtered) ports” bit..

    • Charles Profitt says:

      I have restarted the OS X computer and re-run the scan with out being able to repeat the first scan results. I was assuming that restarting the computer would have reset the ‘firewall’ blocks. Also… OS X 10.6 has the firewall off by default. So not sure that it would be a firewall issue.

  2. Pingback: Charles Profitt: Default OS X 10.6 nmap results | TuxWire

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s