No actually I'm not trying to build a firewall. I was using one already made which I found here: https://aur.archlinux.org/packages/opensnitch-git/ which is what picked up the setpty service to begin with.
setpty.service:
[Unit]
Description=Setpty Service
[Service]
ExecStart=/bin/setpty
[Install]
WantedBy=multi-user.target
# ip route
default via 192.168.1.1 dev eth0 proto dhcp src 192.168.1.102 metric 1024
10.0.2.0/24 dev virbr1 proto kernel scope link src 10.0.2.2 linkdown
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.102
192.168.1.1 dev eth0 proto dhcp scope link src 192.168.1.102 metric 1024
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown
Does my routing look messed up? What could be causing the inaccurate nmapping results?
If you disable that firewall service restart the system then run nmap again are the results the same?
What about `pacman -Qo $(readlink -f setpty.service)`?
How did that service get enabled? Either you enabled it directly, or you ran some odd script as root.
Last edited by Trilby (2018-03-20 19:38:06)
Disabled FW, restarted; made no difference to nmap results.
$ pacman -Qo $(readlink -f setpty.service)
error: No package owns /usr/lib/systemd/system/setpty.service
Does disabling the firewall remove the virtual bridges from the route?
How did that service get enabled? Either you enabled it directly, or you ran some odd script as root.
Also maybe upload the setpty binary somewhere for inspection.
Virtual bridges are still there.
Any recommended place to upload for inspection?
So, what creates them?
You can upload the file wherever you want, maybe zip+password it to not upload pot. malware.
Here's something simple.
Thanks CKnight70.
They're created from virtual machine manager I have installed (qemu virbr adaptors).
Any other reason why nmap could be whacked out?
Local portfilter (but that'd be your firewall?) - though I'm not sure why nmap would tell you ports are open if it cannot outbound to them.
On the nmap issue: is it constrained by any other security tools such as firejail, apparmor, selinux etc.?
Is anything else adding iptables rules apart from the firewall? (Possibly disable the firewall, reboot, and run `# iptables --list` to check.)
On the issue of setpty: is the modification time of /usr/bin/setpty and /usr/lib/systemd/system/setpty.service the same?
Can you correlate that time with pacman.log / the journal and see if you can recall what you were doing at that time?
Also, have you ever run `make install` as root, or a script you obtained from somewhere other than an Arch package, or installed something outside of pacman?
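The triage steps above (compare the mtimes of the binary and the unit file, ask pacman who owns them, then look at pacman.log around that time) can be scripted. The following is an added example, not something posted in the thread; it assumes GNU coreutils (`stat -c`, `date -d`), and it understands both the older `[YYYY-MM-DD HH:MM]` and the newer ISO-8601 pacman.log timestamp formats. The sample log and files used in the usage section are constructed, not taken from the poster's system.

```bash
#!/usr/bin/env bash
# Triage helper for an unexplained systemd unit (added example, not from the thread).
# Assumes GNU coreutils for `stat -c %Y` and `date -d`.
set -eu

# Modification time of a file as epoch seconds.
mtime_epoch() { stat -c %Y "$1"; }

# Succeeds if two files were modified within $3 seconds of each other (default 60).
# A unit file and its binary landing together is typical of a hand-run script or
# `make install`; pacman never writes a file it does not own.
modified_together() {
  local a b tol=${3:-60}
  a=$(mtime_epoch "$1"); b=$(mtime_epoch "$2")
  local d=$(( a > b ? a - b : b - a ))
  [ "$d" -le "$tol" ]
}

# Print pacman.log lines timestamped within +/- $3 seconds (default 1800) of epoch $2.
# Lines that do not start with "[<date>" (e.g. wrapped output) are skipped.
pacman_log_near() {
  local log=$1 at=$2 win=${3:-1800}
  local line ts e d
  while IFS= read -r line; do
    # "[2018-03-20 19:38] [ALPM] ..." -> "2018-03-20 19:38"
    # "[2018-05-01T10:00:00+0300] ..." -> "2018-05-01T10:00:00+0300"
    ts=${line#\[}; ts=${ts%%\]*}
    case $ts in
      [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]*) ;;
      *) continue ;;
    esac
    e=$(date -d "$ts" +%s 2>/dev/null) || continue
    d=$(( e > at ? e - at : at - e ))
    if [ "$d" -le "$win" ]; then printf '%s\n' "$line"; fi
  done < "$log"
  return 0
}

# Print "pkg version" for the package owning a file, or "unowned" when no package
# claims it (the error the thread shows for setpty.service) or pacman is absent.
owner_of() {
  local out
  if command -v pacman >/dev/null 2>&1 && out=$(pacman -Qo "$1" 2>/dev/null); then
    printf '%s\n' "${out#* is owned by }"
  else
    echo unowned
  fi
}

# Full report for a unit/binary pair; exits 0 either way, the verdict is in the text.
triage_unit() {
  local unit=$1 bin=$2 log=${3:-/var/log/pacman.log}
  local at; at=$(mtime_epoch "$unit")
  printf 'unit   %s  owner=%s  mtime=%s\n' "$unit" "$(owner_of "$unit")" "$(date -d "@$at")"
  printf 'binary %s  owner=%s  mtime=%s\n' "$bin" "$(owner_of "$bin")" "$(date -d "@$(mtime_epoch "$bin")")"
  if modified_together "$unit" "$bin"; then
    echo 'verdict: unit and binary written together; not a packaged install'
  fi
  echo 'pacman.log activity within 30 minutes of the unit mtime:'
  [ -r "$log" ] && pacman_log_near "$log" "$at" || echo '  (log not readable)'
}

# Usage on a real system (not run here):
#   triage_unit /usr/lib/systemd/system/setpty.service /usr/bin/setpty
```

Pair the pacman.log window with `journalctl --since`/`--until` on the same timestamps to see what shell or service was active when the files appeared; an unowned unit whose mtime matches its unowned binary, with no pacman transaction nearby, is exactly the "something ran as root outside pacman" case the replies are probing for.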
any recommended place to upload for inspection?
On the nmap results, try
nmap -sV -p 2 mirror-isc3.debian.org
nmap -sV -p 443 mirror-isc3.debian.org
nmap apparently reacts this way to an actively responding IDS, at least with default scans.
# nmap -sV -p 2 mirror-isc3.debian.org
Starting Nmap 7.60 ( https://nmap.org ) at 2018-03-21 13:20 +03
Nmap scan report for mirror-isc3.debian.org (149.20.4.15)
Host is up (0.81s latency).
PORT STATE SERVICE VERSION
2/tcp open tcpwrapped
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 3.74 seconds
# nmap -sV -p 443 mirror-isc3.debian.org
Starting Nmap 7.60 ( https://nmap.org ) at 2018-03-21 13:20 +03
Nmap scan report for mirror-isc3.debian.org (149.20.4.15)
Host is up (0.84s latency).
PORT STATE SERVICE VERSION
443/tcp open ssl/http Apache httpd
Service Info: Host: www.debian.org
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 35.22 seconds
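Reading output like the one above by hand works for two ports; for a full scan it helps to separate "open" ports that actually produced a banner from ones nmap marks `tcpwrapped`, meaning the TCP handshake completed but the peer closed the connection without a byte of service data. That is what an inline IDS/IPS, tarpit or TCP wrapper produces when it answers for the target, so a scan where every open port is tcpwrapped says nothing about real services. The filter below is an added example, not from the thread; it reads nmap's normal output on stdin, and the sample lines in the test are constructed from the report above.

```bash
#!/usr/bin/env bash
# Classify the port table of an `nmap -sV` normal-output report (added example).
# Reads the report on stdin and prints a summary plus a verdict.
nmap_triage() {
  awk '
    # Port rows look like "443/tcp open ssl/http Apache httpd".
    /^[0-9]+\/(tcp|udp)[[:space:]]/ {
      port = $1; state = $2; svc = $3
      if (state == "open" && svc == "tcpwrapped") { wrapped++; wl = wl port " " }
      else if (state == "open")                  { real++ }
    }
    END {
      printf "open=%d tcpwrapped=%d\n", real, wrapped
      if (wrapped > 0) printf "inconclusive: %s\n", wl
      if (wrapped > 0 && real == 0)
        print "verdict: no confirmed service; suspect inline filter/IDS answering for the host"
      else if (wrapped > 0)
        print "verdict: mixed; confirm tcpwrapped ports with a direct connect and banner grab"
      else
        print "verdict: consistent; every open port returned service data"
    }'
}

# Usage: nmap -sV -p 2,443 host | nmap_triage
```

A port 2/tcp that is "open" but tcpwrapped next to a 443/tcp that returns an Apache banner is the mixed case: the web server is real, the low port is almost certainly the device in the path accepting every SYN, and nothing in that line proves a service listens there.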
You have been asked several times now where these files came from, how they came to be enabled, and whether you have run random scripts as root. Given that, every time these questions are asked, you pointedly ignore them, I am going to assume that the latter is accurate; in which case I strongly recommend that you nuke your installation, change any and all passwords you have used on that machine, and stop running random scripts you find on the internet.
Looking at your post history, it seems you have a habit of not answering questions from the community, or picking and choosing which questions to respond to. Please note that this is not productive behaviour, and abuses the goodwill of the community. Continuing to behave like this will result in your removal from the forums.
As this topic is now drifting into an nmap support thread, I'm going to close it before it drifts any further.
Closing.