nmap scan of Kaspersky Endpoint firewall. Yikes!

Todd

Sep 16, 2013, 10:59:39 PM
Hi All,

Firewall?!?!? What firewall?!?!? What a piece of crap!
What is with all the idiot high ports being open too?

-T


Kaspersky End Point Security 10.1.0.867 on Windows 7:

# nmap --reason 192.168.255.112

Starting Nmap 6.25 ( http://nmap.org ) at 2013-09-16 19:42 PDT
Nmap scan report for KVM-W7.xxx.local (192.168.255.112)
Host is up, received arp-response (0.00044s latency).
Not shown: 989 closed ports
Reason: 989 resets

PORT       STATE     SERVICE      REASON
135/tcp    open      msrpc        syn-ack
139/tcp    open      netbios-ssn  syn-ack
445/tcp    open      microsoft-ds syn-ack
1110/tcp   filtered  nfsd-status  no-response
5357/tcp   open      wsdapi       syn-ack
49152/tcp  open      unknown      syn-ack
49153/tcp  open      unknown      syn-ack
49154/tcp  open      unknown      syn-ack
49155/tcp  open      unknown      syn-ack
49156/tcp  open      unknown      syn-ack
49157/tcp  open      unknown      syn-ack

David H. Lipman

Sep 17, 2013, 9:51:21 AM
From: "Todd" <To...@invalid.invalid>
Is this a Desktop or a notebook?

Is this a PC behind a NAT Router or a NAT Router with a full firewall
implementation?

--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp

Todd

Sep 17, 2013, 1:30:33 PM
Hi David,

It is a Virtual Machine (guest) sitting directly on
the local network (192.168.255.0/24). No firewall or router.
I issued the nmap command from the command line on the host.

If the guest wants to get to the Internet, it has to go through
the host machine's second Ethernet port, which runs
an iptables firewall, then the NAT DSL router/modem.

-T



--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
the riddle wrapped in an enigma wrapped
in a couple slices of baloney
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Todd

Sep 17, 2013, 3:26:50 PM
Figured out what the idiot high ports are. They are M$ Vista+'s new
assignments for MSRPC (remote procedure call).

Reference:
http://serverfault.com/questions/526607/what-is-msrpc-needed-for-on-a-windows-7-workstation

Port    Serv   Process name
49152,  msrpc  [wininit.exe]
49153,  msrpc  [svchost.exe, Eventlog]
49154,  msrpc  [svchost.exe, Schedule]
49155,  msrpc  [lsass.exe]
49157,  msrpc  [services.exe]
49159,  msrpc  [svchost.exe, PolicyAgent]

Todd

Sep 18, 2013, 6:00:11 PM
On 09/16/2013 07:59 PM, Todd wrote:
Hi All,

Figured out how to "stealth" Kaspersky's firewall.
Here are my notes.

-T
Hey, I don't always ask questions!


How to make Kaspersky End Point Security 10.1.0.867 "Stealth":

--> Kaspersky Setting
--> Anti Virus Protection, Firewall (Left Column)
--> Network Packet Rules (button on right)

A table will show. Find

-->> TCP connections through the local port
-->> UDP connections through the local port

Press the "edit" icon at the top margin and change both to "Block".

If you actually want an open port, items above other items on this
table take precedence. So create a new rule (Open VPN for instance)
above these two rules.
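
Added example, not part of any post in this thread: a small Python check that reads `nmap --reason` text output and reports which ports answered, which open ports fall in the Vista+ dynamic range (49152-65535), and whether the host was silent. The function names and the definition of "stealth" as "no probe got any reply" are assumptions made for this example; the sample is the scan from the first post.

```python
import re

# Scan output copied from the first post of this thread.
SCAN = """\
Not shown: 989 closed ports
Reason: 989 resets
PORT STATE SERVICE REASON
135/tcp open msrpc syn-ack
139/tcp open netbios-ssn syn-ack
445/tcp open microsoft-ds syn-ack
1110/tcp filtered nfsd-status no-response
5357/tcp open wsdapi syn-ack
49152/tcp open unknown syn-ack
49153/tcp open unknown syn-ack
49154/tcp open unknown syn-ack
49155/tcp open unknown syn-ack
49156/tcp open unknown syn-ack
49157/tcp open unknown syn-ack
"""

PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s+(\S+)")
DYNAMIC = range(49152, 65536)             # default dynamic port range on Vista and later
REPLIES = {"syn-ack", "reset", "resets"}  # reasons that mean the host answered the probe

def parse(text):
    """Return (listed port rows, {reason: count} for the 'Not shown' ports)."""
    rows, hidden = [], {}
    for line in map(str.strip, text.splitlines()):
        m = PORT_LINE.match(line)
        if m:
            rows.append((int(m[1]), m[2], m[3], m[4], m[5]))
        elif line.startswith("Reason:"):
            for count, reason in re.findall(r"(\d+) ([\w-]+)", line):
                hidden[reason] = hidden.get(reason, 0) + int(count)
    return rows, hidden

def audit(text):
    rows, hidden = parse(text)
    open_ports = [port for port, _, state, _, _ in rows if state == "open"]
    answered = sum(1 for row in rows if row[4] in REPLIES)
    answered += sum(n for reason, n in hidden.items() if reason in REPLIES)
    return {
        "open": open_ports,
        "dynamic": [p for p in open_ports if p in DYNAMIC],
        "answered": answered,      # probes that drew any reply (SYN/ACK or RST)
        "stealth": answered == 0,  # assumption: "stealth" means total silence
    }

if __name__ == "__main__":
    print(audit(SCAN))
```

Re-running the same scan after changing the two packet rules and feeding the new output to `audit` shows whether the resets and syn-acks have gone away.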