Daniel
MVM
join:2000-06-26
San Francisco, CA

An iPhone Scanned with Nmap

»dmiessler.com/blogarchiv ··· nmap-350

This is an nmap (3.50) scan of all 65,535 TCP ports on a default, non-hacked 1.1.3 iPhone. The scan was performed from an OS X system (MacPorts) sitting adjacent to the iPhone on a wireless network.

It appears there’s just one tcpwrapped service, on port 62,078, and Fyodor has evidently already added the requisite fingerprints since nmap’s OS detection pegged it perfectly as an iPhone.

kairin ~ $ sudo nmap -p 1-65535 -sV -O 10.10.126.2
 
Starting Nmap 4.50 ( http://insecure.org ) at 2008-01-24 20:50 PST
 
Interesting ports on 10.10.126.2:
Not shown: 65534 closed ports
PORT      STATE SERVICE    VERSION
62078/tcp open  tcpwrapped
 
MAC Address: 00:1C:B3:70:6A:DA (Apple)
Device type: phone|media device
Running: Apple embedded
OS details: Apple iPhone mobile phone or iPod Touch (Darwin 9.0.0d1)
 

EGeezer
Premium Member
join:2002-08-04
Midwest

Nothing like an open door to invite trouble... Good post!
mikenolan7
Premium Member
join:2005-06-07
Torrance, CA

1 edit

mikenolan7 to Daniel

Looks like the iPod Touch probably has the same open port. Could you see the access rules on the tcpwrapper?

Edit: I mean on the iPod, not with Nmap.

Cabal
Premium Member
join:2007-01-21

Cabal to Daniel

Here's mine, unhacked 1.1.3 full scan. Looks like I'm one version out of date now.
quote:
# nmap -sS -sU -sV -PN -O -T4 10.0.2.109

Starting Nmap 4.52 ( »insecure.org ) at 2008-01-25 00:44 EST
Interesting ports on 10.0.2.109:
Not shown: 2829 closed ports, 372 filtered ports
PORT STATE SERVICE VERSION
5353/udp open|filtered zeroconf
Device type: phone|media device|general purpose|web proxy|specialized
Running: Apple embedded, Apple Mac OS X 10.2.X|10.3.X|10.4.X|10.5.X, Blue Coat SGOS 5.X, FreeBSD 4.X, VMWare ESX Server 3.0.X
Too many fingerprints match this host to give specific OS details
Network Distance: 1 hop

OS and Service detection performed. Please report any incorrect results at »insecure.org/nmap/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 84.069 seconds
I got a lot of false positives on UDP scanning when I was actively browsing or otherwise using the phone, which was weird.

Daniel
MVM
join:2000-06-26
San Francisco, CA

1 edit

You didn't do a full scan -- that was only a couple thousand ports. You need to add -p 1-65535 to do a full TCP scan. Then you'll get a proper identification of the OS because you'll have an open TCP port.

Cabal
Premium Member
join:2007-01-21

Yeah yeah, by full I meant TCP + UDP. Will run again later next time I drop the wall between my subnets.

Khaine
join:2003-03-03
Australia

Member

I'm currently running the same scan on my iPod Touch. I'll post the results when it's finished.
Khaine

1 edit

Member

It's taking forever to do a full scan on the iPod Touch. Here is nmap -sV -O on it, while I wait for the full scan to finish.

:~$sudo nmap -sV -O 192.168.2.4
 
Starting Nmap 4.20 ( http://insecure.org ) at 2008-01-26 17:58 EST
Warning:  OS detection for 192.168.2.4 will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
All 1697 scanned ports on 192.168.2.4 are closed
MAC Address: 00:1D:4F:23:28:5D (Unknown)
Device type: general purpose
Running: Apple Mac OS X 10.3.X|10.4.X|10.5.X, FreeBSD 4.x
OS details: Applie Mac OS X 10.3.9 - 10.4.7, Apple Mac OS X 10.4.8 (Tiger), OS X Server 10.5 (Leopard) pre-release build 9A284, FreeBSD 4.10-RELEASE (x86)
Network Distance: 1 hop
 
OS and Service detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ .
Nmap finished: 1 IP address (1 host up) scanned in 18.221 seconds
 

EDIT
And here is nmap -O -p 60000-65000 192.168.2.4, while I wait for the full scan to finish

:~$ sudo nmap -O -p 60000-65000 192.168.2.4
 
Starting Nmap 4.20 ( http://insecure.org ) at 2008-01-26 18:02 EST
Interesting ports on 192.168.2.4:
Not shown: 5000 closed ports
PORT      STATE SERVICE
62078/tcp open  unknown
MAC Address: 00:1D:4F:23:28:5D (Unknown)
No exact OS matches for host (If you know what OS is running on it, see http://insecure.org/nmap/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=4.20%D=1/26%OT=62078%CT=60000%CU=44400%PV=Y%DS=1%G=Y%M=001D4F%TM=
OS:479ADB88%P=i686-pc-linux-gnu)SEQ(SP=0%GCD=1%ISR=1B%TI=I%II=I%SS=S%TS=1)S
OS:EQ(SP=0%GCD=1%ISR=1A%TI=I%II=I%SS=S%TS=1)OPS(O1=M5B4NW0NNT11SLL%O2=M5B4N
OS:W0NNT11SLL%O3=M5B4NW0NNT11%O4=M5B4NW0NNT11SLL%O5=M5B4NW0NNT11SLL%O6=M5B4
OS:NNT11SLL)WIN(W1=FFFF%W2=FFFF%W3=FFFF%W4=FFFF%W5=FFFF%W6=FFFF)ECN(R=Y%DF=
OS:Y%T=40%W=FFFF%O=M5B4NW0SLL%CC=N%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q
OS:=)T2(R=Y%DF=Y%T=40%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)T3(R=N)T4(R=Y%DF=Y%T=40%W
OS:=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y%DF=N%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
OS:T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=N%T=40%W=0%S=Z%A=S
OS:%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=40%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G
OS:%RUCK=0%RUL=G%RUD=G)IE(R=Y%DFI=S%T=40%TOSI=S%CD=S%SI=S%DLI=S)
 
Network Distance: 1 hop
 
OS detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ .
Nmap finished: 1 IP address (1 host up) scanned in 116.588 seconds
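
Added example, not part of any post in this thread: a Python check of the point made above that a default scan covers only a couple thousand ports and that OS detection needs an open TCP port, which here only shows up with `-p 1-65535`. The three sample outputs are constructed by abridging the scans posted in the thread; the function and key names are hypothetical.

```python
import re

# Constructed samples, abridged from the Nmap normal output posted in this thread.
SCANS = {
    "full_tcp": """Interesting ports on 10.10.126.2:
Not shown: 65534 closed ports
PORT      STATE SERVICE    VERSION
62078/tcp open  tcpwrapped
""",
    "default_tcp_udp": """Interesting ports on 10.0.2.109:
Not shown: 2829 closed ports, 372 filtered ports
PORT STATE SERVICE VERSION
5353/udp open|filtered zeroconf
""",
    "default_tcp": """All 1697 scanned ports on 192.168.2.4 are closed
""",
}

PORT_ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)", re.M)
NOT_SHOWN = re.compile(r"(\d+) (closed|filtered) ports")
ALL_CLOSED = re.compile(r"^All (\d+) scanned ports on \S+ are closed", re.M)

def summarize(output):
    """Count the ports a scan covered and check what OS detection had to work with."""
    rows = PORT_ROW.findall(output)  # (port, proto, state) for each listed port
    hidden = {state: int(n) for n, state in NOT_SHOWN.findall(output)}
    m = ALL_CLOSED.search(output)
    if m:
        hidden["closed"] = hidden.get("closed", 0) + int(m.group(1))
    open_tcp = [int(p) for p, proto, st in rows if proto == "tcp" and st == "open"]
    # Limitation: the "Not shown" summary does not split TCP from UDP, so a
    # closed count from a combined scan is taken as evidence of a closed port.
    closed_seen = hidden.get("closed", 0) > 0 or any(st == "closed" for _, _, st in rows)
    return {
        "ports_covered": len(rows) + sum(hidden.values()),
        "open_tcp": open_tcp,
        # Nmap warns when it did not find at least 1 open and 1 closed TCP port.
        "os_detect_reliable": bool(open_tcp) and closed_seen,
    }

if __name__ == "__main__":
    for name, text in SCANS.items():
        print(name, summarize(text))
```

For scripted checks on real scans, Nmap's XML output (`-oX`) is a more stable format to parse than the normal output used here.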