I ran an NMAP scan against an IP address that I am suspicious of (I explain my problem in my other posts).
However, I get a log that I am not able to interpret.
I'll paste it here:
Quote
Starting Nmap 5.21 ( http://nmap.org ) at 2011-01-07 13:05 Hora estándar romance
NSE: Loaded 36 scripts for scanning.
Initiating Ping Scan at 13:05
Scanning 6x.x7.xx1.xx7 [8 ports]
Completed Ping Scan at 13:05, 0.43s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 13:05
Completed Parallel DNS resolution of 1 host. at 13:05, 0.05s elapsed
Initiating SYN Stealth Scan at 13:05
Scanning 6x.x7.xx1.xx7.dyn.user.ono.com (6x.x7.xx1.xx7) [65535 ports]
SYN Stealth Scan Timing: About 1.22% done; ETC: 13:48 (0:41:53 remaining)
SYN Stealth Scan Timing: About 3.79% done; ETC: 13:46 (0:39:45 remaining)
SYN Stealth Scan Timing: About 5.58% done; ETC: 13:42 (0:35:00 remaining)
SYN Stealth Scan Timing: About 9.29% done; ETC: 13:33 (0:25:03 remaining)
SYN Stealth Scan Timing: About 13.42% done; ETC: 13:28 (0:19:47 remaining)
SYN Stealth Scan Timing: About 16.85% done; ETC: 13:27 (0:18:30 remaining)
SYN Stealth Scan Timing: About 22.25% done; ETC: 13:24 (0:14:51 remaining)
SYN Stealth Scan Timing: About 26.82% done; ETC: 13:23 (0:13:03 remaining)
SYN Stealth Scan Timing: About 31.23% done; ETC: 13:23 (0:12:04 remaining)
SYN Stealth Scan Timing: About 36.31% done; ETC: 13:22 (0:10:30 remaining)
SYN Stealth Scan Timing: About 40.32% done; ETC: 13:21 (0:09:40 remaining)
SYN Stealth Scan Timing: About 46.97% done; ETC: 13:20 (0:07:57 remaining)
SYN Stealth Scan Timing: About 52.33% done; ETC: 13:20 (0:06:53 remaining)
SYN Stealth Scan Timing: About 57.09% done; ETC: 13:19 (0:06:08 remaining)
SYN Stealth Scan Timing: About 61.93% done; ETC: 13:19 (0:05:21 remaining)
SYN Stealth Scan Timing: About 66.91% done; ETC: 13:19 (0:04:35 remaining)
SYN Stealth Scan Timing: About 71.85% done; ETC: 13:19 (0:03:50 remaining)
SYN Stealth Scan Timing: About 76.92% done; ETC: 13:19 (0:03:06 remaining)
SYN Stealth Scan Timing: About 81.71% done; ETC: 13:18 (0:02:25 remaining)
SYN Stealth Scan Timing: About 87.41% done; ETC: 13:18 (0:01:39 remaining)
SYN Stealth Scan Timing: About 92.70% done; ETC: 13:18 (0:00:58 remaining)
Completed SYN Stealth Scan at 13:18, 790.53s elapsed (65535 total ports)
Initiating Service scan at 13:18
Initiating OS detection (try #1) against 6x.x7.xx1.xx7.dyn.user.ono.com (6x.x7.xx1.xx7)
Retrying OS detection (try #2) against 6x.x7.xx1.xx7.dyn.user.ono.com (6x.x7.xx1.xx7)
Initiating Traceroute at 13:18
Completed Traceroute at 13:18, 0.21s elapsed
Initiating Parallel DNS resolution of 2 hosts. at 13:18
Completed Parallel DNS resolution of 2 hosts. at 13:18, 0.05s elapsed
NSE: Script scanning 6x.x7.xx1.xx7.
NSE: Script Scanning completed.
Nmap scan report for 6x.x7.xx1.xx7.dyn.user.ono.com (6x.x7.xx1.xx7)
Host is up (0.11s latency).
Not shown: 65530 filtered ports
PORT STATE SERVICE VERSION
1406/tcp closed unknown
1857/tcp closed unknown
3050/tcp closed unknown
3656/tcp closed unknown
3726/tcp closed unknown
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Aggressive OS guesses: HP OpenVMS 7.3-1 (98%), Netasq U70 firewall (98%), AirSpan ProST WiMAX access point (97%), Apple iPhone mobile phone (iPhone OS 2.2.1) (97%), Apple Mac OS X 10.4.10 (Tiger) (Darwin 8.10.0, PowerPC) (97%), BinTec R1200 WAP (97%), Blue Coat SG200 proxy server (SGOS 5.1.4.4) (97%), HP LaserJet 4300 JetDirect FW R.25.57 (97%), HP Brocade 1600 switch (97%), Juniper Networks JUNOS 9.0R2.10 (97%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 2 hops
TRACEROUTE (using port 3050/tcp)
HOP RTT ADDRESS
1 202.00 ms 10.204.96.1
2 198.00 ms 6x.x7.xx1.xx7.dyn.user.ono.com (6x.x7.xx1.xx7)
Read data files from: C:\Program Files\Nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 796.93 seconds
Raw packets sent: 131516 (5.790MB) | Rcvd: 416 (17.802KB)
What catches my attention is what is marked in bold: the OS detection part, and that other IP it has to pass through when tracing the route.
With this IP, what happened was that when I used route-tracing programs, it always had to go through the UK and then on to Spain; of all the IPs I have tried, this is the only one that does that (my problem is that this IP should be in the UK and not in Spain).
Would anyone know how to interpret what the log says, and whether this is normal?
Am I dealing with an ordinary user?
I think this person is an impostor, and I would like to have information about them to find out who they are...
Any observation will be a huge help to me.
Many thanks.