Firewall or default to no services

During an experiment with nmap, I discovered that Parrot leaks a LOT more than Windows 10 by default, which is disheartening or downright frightening for a security-centric distro.
These were the results for my local scan:

C:\Program Files (x86)\Nmap>nmap -sS -sU -T4 -A -v -PE -PP -PS80, 443 -PA3389 -PU40125 -PY -g 53 --script "default or (discovery and safe)" --script-args 'shodan-api.outfile=scan.csv,shodan-api.apikey=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx','mtrace.fromip=192.168.168.168' 192.168.255.129

Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-11 12:52 W. Europe Standard Time

NSE: Loaded 285 scripts for scanning.

NSE: Script Pre-scanning.

Initiating NSE at 12:52

NSE: [mtrace] A source IP must be provided through fromip argument.


Completed NSE at 12:52, 10.67s elapsed

Initiating NSE at 12:52

Completed NSE at 12:52, 0.00s elapsed

Initiating NSE at 12:52

Completed NSE at 12:52, 0.00s elapsed

Pre-scan script results:

| broadcast-igmp-discovery:

| 192.168.255.1

| Interface: eth0

| Version: 2

| Group: 224.0.0.252

| Description: Link-local Multicast Name Resolution (rfc4795)

|_ Use the newtargets script-arg to add the results as targets

| broadcast-ping:

| IP: 192.168.255.2 MAC: 00:50:56:e9:8e:fb

|_ Use --script-args=newtargets to add the results as targets

| targets-asn:

|_ targets-asn.asn is a mandatory parameter

Failed to resolve "443".

Initiating ARPPing Scan at 12:52

Scanning 192.168.255.129 [1 port]

Completed ARPPing Scan at 12:52, 0.09s elapsed (1 total hosts)

Initiating Parallel DNS resolution of 1 host. at 12:52

Completed Parallel DNS resolution of 1 host. at 12:52, 0.00s elapsed

Initiating SYN Stealth Scan at 12:52

Scanning 192.168.255.129 [1000 ports]

Discovered open port 139/tcp on 192.168.255.129

Discovered open port 445/tcp on 192.168.255.129

Completed SYN Stealth Scan at 12:52, 0.27s elapsed (1000 total ports)

Initiating UDP Scan at 12:52

Scanning 192.168.255.129 [1000 ports]

Increasing send delay for 192.168.255.129 from 0 to 50 due to max_successful_tryno increase to 5

Increasing send delay for 192.168.255.129 from 50 to 100 due to max_successful_tryno increase to 6

Warning: 192.168.255.129 giving up on port because retransmission cap hit (6).

Increasing send delay for 192.168.255.129 from 100 to 200 due to 11 out of 13 dropped probes since last increase.

Discovered open port 137/udp on 192.168.255.129

UDP Scan Timing: About 6.36% done; ETC: 13:01 (0:07:37 remaining)

Increasing send delay for 192.168.255.129 from 200 to 400 due to 11 out of 12 dropped probes since last increase.

Increasing send delay for 192.168.255.129 from 400 to 800 due to 11 out of 11 dropped probes since last increase.

UDP Scan Timing: About 9.64% done; ETC: 13:03 (0:09:32 remaining)

UDP Scan Timing: About 12.70% done; ETC: 13:04 (0:10:26 remaining)

UDP Scan Timing: About 33.44% done; ETC: 13:07 (0:09:47 remaining)

UDP Scan Timing: About 39.84% done; ETC: 13:07 (0:09:01 remaining)

UDP Scan Timing: About 45.84% done; ETC: 13:08 (0:08:14 remaining)

UDP Scan Timing: About 51.13% done; ETC: 13:08 (0:07:28 remaining)

UDP Scan Timing: About 56.61% done; ETC: 13:08 (0:06:41 remaining)

UDP Scan Timing: About 62.10% done; ETC: 13:08 (0:05:52 remaining)

UDP Scan Timing: About 67.66% done; ETC: 13:08 (0:05:03 remaining)

UDP Scan Timing: About 72.84% done; ETC: 13:08 (0:04:15 remaining)

UDP Scan Timing: About 78.33% done; ETC: 13:08 (0:03:24 remaining)

UDP Scan Timing: About 83.81% done; ETC: 13:08 (0:02:33 remaining)

UDP Scan Timing: About 88.97% done; ETC: 13:08 (0:01:45 remaining)

UDP Scan Timing: About 94.24% done; ETC: 13:08 (0:00:55 remaining)

Completed UDP Scan at 13:09, 982.67s elapsed (1000 total ports)

Initiating Service scan at 13:09

Scanning 19 services on 192.168.255.129

Service scan Timing: About 21.05% done; ETC: 13:17 (0:06:08 remaining)

Completed Service scan at 13:10, 102.93s elapsed (19 services on 1 host)

Initiating OS detection (try #1) against 192.168.255.129

NSE: Script scanning 192.168.255.129.

Initiating NSE at 13:11

Completed NSE at 13:16, 301.41s elapsed

Initiating NSE at 13:16

Completed NSE at 13:16, 1.03s elapsed

Initiating NSE at 13:16

Completed NSE at 13:16, 0.00s elapsed

Nmap scan report for 192.168.255.129

Host is up (0.00s latency).

Not shown: 1981 closed ports

PORT STATE SERVICE VERSION

139/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)

445/tcp open netbios-ssn Samba smbd 4.9.4-Debian (workgroup: WORKGROUP)

68/udp open|filtered dhcpc

137/udp open netbios-ns Samba nmbd netbios-ns (workgroup: WORKGROUP)

138/udp open|filtered netbios-dgm

389/udp open|filtered ldap

|_ldap-rootdse: ERROR: Script execution failed (use -d to debug)

402/udp open|filtered genie

990/udp open|filtered ftps

1026/udp open|filtered win-rpc

16449/udp open|filtered unknown

16503/udp open|filtered unknown

17207/udp open|filtered unknown

17592/udp open|filtered unknown

22986/udp open|filtered unknown

25157/udp open|filtered unknown

42431/udp open|filtered unknown

49169/udp open|filtered unknown

49201/udp open|filtered unknown

53006/udp open|filtered unknown

MAC Address: 00:0C:29:2C:42:10 (VMware)

Device type: general purpose

Running: Linux 3.X|4.X

OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4

OS details: Linux 3.2 - 4.9

Uptime guess: 10.849 days (since Thu Jan 31 16:53:49 2019)

Network Distance: 1 hop

TCP Sequence Prediction: Difficulty=252 (Good luck!)

IP ID Sequence Generation: All zeros

Service Info: Host: PARROT

Host script results:

|_clock-skew: mean: -19m58s, deviation: 34m37s, median: 1s

|_fcrdns: FAIL (No PTR record)

| firewalk:

| HOP HOST PROTOCOL BLOCKED PORTS

|_0 192.168.255.128 udp 68,138,389,402,990,1026,16449,16503,17207,17592

|_ipidseq: All zeros

|_msrpc-enum: NT_STATUS_OBJECT_NAME_NOT_FOUND

| nbstat: NetBIOS name: PARROT, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown)

| Names:

| PARROT<00> Flags: <unique><active>

| PARROT<03> Flags: <unique><active>

| PARROT<20> Flags: <unique><active>

| \x01\x02__MSBROWSE__\x02<01> Flags: <group><active>

| WORKGROUP<00> Flags: <group><active>

| WORKGROUP<1d> Flags: <unique><active>

|_ WORKGROUP<1e> Flags: <group><active>

|_path-mtu: PMTU ==1500

| qscan:

| PORT FAMILY MEAN (us) STDDEV LOSS (%)

|10 1125400.00 2745188.93 0.0%

|1370 652800.00 809179.12 0.0%

|1390 1407300.00 3725201.50 0.0%

|_445 0 1604400.00 4205352.23 0.0%

| smb-mbenum:

| DFS Root

| PARROT 0.0 Samba 4.9.4-Debian

| Master Browser

| PARROT 0.0 Samba 4.9.4-Debian

|Print server

| PARROT 0.0 Samba 4.9.4-Debian

| Server

| PARROT 0.0 Samba 4.9.4-Debian

| Server service

| DESKTOP-NBU6LUH 0.0

| DF-WORKSTATION 0.0

| PARROT 0.0 Samba 4.9.4-Debian

| Unix server

| PARROT 0.0 Samba 4.9.4-Debian

| Windows NT/2000/XP/2003 server

| DESKTOP-NBU6LUH 0.0

| DF-WORKSTATION 0.0

| PARROT 0.0 Samba 4.9.4-Debian

| Workstation

| DESKTOP-NBU6LUH 0.0

| DF-WORKSTATION 0.0

|_ PARROT 0.0 Samba 4.9.4-Debian

| smb-os-discovery:

| OS: Windows 6.1 (Samba 4.9.4-Debian)

| Computer name: parrot

| NetBIOS computer name: PARROT\x00

| Domain name: \x00

| FQDN: parrot

|_ System time: 2019-02-11T13:11:02+01:00

| smb-protocols:

| dialects:

| NT LM 0.12 (SMBv1) [dangerous, but default]

| 2.02

| 2.10

| 3.00

| 3.02

|_ 3.11

| smb-security-mode:

| account_used: guest

| authentication_level: user

| challenge_response: supported

|_ message_signing: disabled (dangerous, but default)

| smb2-capabilities:

| 2.02:

| Distributed File System

| 2.10:

| Distributed File System

| Leasing

| Multi-credit operations

| 3.00:

| Distributed File System

| Leasing

| Multi-credit operations

| 3.02:

| Distributed File System

| Leasing

| Multi-credit operations

| 3.11:

| Distributed File System

| Leasing

|_ Multi-credit operations

| smb2-security-mode:

| 2.02:

|_ Message signing enabled but not required

| smb2-time:

| date: 2019-02-11 13:11:02

|_ start_date: N/A

| traceroute-geolocation:

| HOP RTT ADDRESS GEOLOCATION

|_ 1 0.00 192.168.255.129 - ,-

TRACEROUTE

HOP RTT ADDRESS

1 0.00 ms 192.168.255.129

NSE: Script Post-scanning.

Initiating NSE at 13:16

Completed NSE at 13:16, 0.00s elapsed

Initiating NSE at 13:16

Completed NSE at 13:16, 0.00s elapsed

Initiating NSE at 13:16

Completed NSE at 13:16, 0.00s elapsed

Read data files from: C:\Program Files (x86)\Nmap

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 1418.35 seconds

Raw packets sent: 2492 (92.041KB) | Rcvd: 2111 (101.996KB)

C:\Program Files (x86)\Nmap>

Let's simplify this.

From what I can determine, all ports you listed other than 139 and 445 are filtered.

From the Nmap documentation

Quote :

"open|filtered

Nmap places ports in this state when it is unable to determine whether
a port is open or filtered. This occurs for scan types in which open
ports give no response. The lack of response could also mean that a
packet filter dropped the probe or any response it elicited. So Nmap
does not know for sure whether the port is open or being filtered. The
UDP, IP protocol, FIN, NULL, and Xmas scans classify ports this way."

Ports 139 and 445 are showing as open on your Parrot installation.

Is it reasonable to presume you are sharing files between the Windows machine you ran this scan from and your Parrot installation? If so, then this will be due to Samba.

https://www.varonis.com/blog/smb-port/

As for the other information, I ran the same scan on a Windows 10 laptop and got a lot more output than what I received from a fresh Parrot installation (I ran a fresh install to investigate). I can't share the Windows information as it's from a domain-based device, and whilst off the domain at the moment it still hosts sensitive information.

To wrap it up - the level of information is to be expected from the Nmap scan that you ran.

Well that would make sense, if it wasn’t for the fact that the reverse (from Parrot to Windows, both VMs) revealed much less. And a control attempt at Ubuntu, gave no results at all. The accuracy of the OS fingerprinting is also of concern.

I am currently studying for a degree in Digital Forensics, and for other experience I am trying out some pentesting. For now in a controlled environment, but later maybe professionally. So I would like to have reliable tools.

Even being on par with Windows 10 (which it actually was not), and bested by vanilla Ubuntu, is not nearly good enough in my opinion.

While I much appreciate the most part of Parrot, I have chosen it for the security aspect of the distro. And thus, my expectations are not only greater, but I am in practice relying on it.

As you are using VMs, could you try your research again and note the differences when using both NAT and bridged mode for the VMs?

See this link

I ran my tests on both bare metal and VM which would probably account for varying results.

Thanks for the suggestions, but this is between the two VMs which both run on the same NAT virtual network (VMWare Workstation 15.02). And given that the results are from a scan of one particular host address and not the whole network segment, and that the reply is from that one particular host, of that kind of accuracy, I can’t quite see the relevance of the linked propositions.

And it will not explain or refute the findings even if it was.

My main point is that these should not be detected at all. From a security perspective, a default to implicit deny is always the most sound. Then you explicitly allow for the services you absolutely need and not the other way around.

These were the results from Parrot to the Windows host:

 ┌─[x@parrot]─[~]
 
 └──╼ $sudo nmap -sS -sU -T4 -A -v -PE -PP -PS80,443 -PA3389 -PU40125 -PY -g 53 --script "default or (discovery and safe)" --script-args 'shodan-api.outfile=scan.csv,shodan-api.apikey=xxxxxxxxxxxxxxxxxxxxxxxxxxxxx','mtrace.fromip=192.168.168.168' 192.168.255.128
 
 Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-11 09:23 CET
 
 NSE: Loaded 285 scripts for scanning.
 
 NSE: Script Pre-scanning.
 
 Initiating NSE at 09:23
 
 Completed NSE at 09:23, 10.40s elapsed
 
 Initiating NSE at 09:23
 
 Completed NSE at 09:23, 0.00s elapsed
 
 Initiating NSE at 09:23
 
 Completed NSE at 09:23, 0.00s elapsed
 
 Pre-scan script results:
 
 | broadcast-igmp-discovery:
 
 | 192.168.255.1
 
 | Interface: eth0
 
 | Version: 2
 
 | Group: 224.0.0.251
 
 | Description: mDNS (rfc6762)
 
 | 192.168.255.128
 
 | Interface: eth0
 
 | Version: 2
 
| Group: 224.0.0.252
 
 | Description: Link-local Multicast Name Resolution (rfc4795)
 
 | 192.168.255.128
 
 | Interface: eth0
 
 | Version: 2
 
 | Group: 239.255.255.250
 
 | Description: Organization-Local Scope (rfc2365)
 
 |_ Use the newtargets script-arg to add the results as targets
 
 | broadcast-ping:
 
 | IP: 192.168.255.2 MAC: 00:50:56:e9:8e:fb
 
 |_ Use --script-args=newtargets to add the results as targets
 
 | targets-asn:
 
 |_ targets-asn.asn is a mandatory parameter
 
 Initiating ARPPing Scan at 09:23
 
 Scanning 192.168.255.128 [1 port]
 
 Completed ARPPing Scan at 09:23, 0.03s elapsed (1 total hosts)
 
 Initiating Parallel DNS resolution of 1 host. at 09:23
 
 Completed Parallel DNS resolution of 1 host. at 09:23, 0.01s elapsed
 
 Initiating SYN Stealth Scan at 09:23
 
 Scanning 192.168.255.128 [1000 ports]
 
 Discovered open port 139/tcp on 192.168.255.128
 
 Discovered open port 445/tcp on 192.168.255.128
 
 Discovered open port 135/tcp on 192.168.255.128
 
 Completed SYN Stealth Scan at 09:23, 4.48s elapsed (1000 total ports)
 
 Initiating UDP Scan at 09:23
 
 Scanning 192.168.255.128 [1000 ports]
 
 Discovered open port 137/udp on 192.168.255.128
 
 Completed UDP Scan at 09:23, 3.99s elapsed (1000 total ports)
 
 Initiating Service scan at 09:23
 
 Scanning 1003 services on 192.168.255.128
 
 Service scan Timing: About 0.50% done
 
 Service scan Timing: About 3.49% done; ETC: 10:57 (1:30:21 remaining)
 
 Service scan Timing: About 6.48% done; ETC: 10:38 (1:10:28 remaining)
 
 Service scan Timing: About 9.47% done; ETC: 10:32 (1:02:17 remaining)
 
 Service scan Timing: About 12.46% done; ETC: 10:28 (0:57:08 remaining)
 
 Service scan Timing: About 15.45% done; ETC: 10:26 (0:53:26 remaining)
 
 Service scan Timing: About 20.54% done; ETC: 10:19 (0:44:22 remaining)
 
 Service scan Timing: About 21.44% done; ETC: 10:24 (0:47:42 remaining)
 
 Service scan Timing: About 26.32% done; ETC: 10:19 (0:41:15 remaining)
 
 Service scan Timing: About 32.30% done; ETC: 10:19 (0:37:41 remaining)
 
 Service scan Timing: About 38.29% done; ETC: 10:19 (0:34:14 remaining)
 
 Service scan Timing: About 44.27% done; ETC: 10:18 (0:30:49 remaining)
 
 Service scan Timing: About 50.25% done; ETC: 10:18 (0:27:27 remaining)
 
 Service scan Timing: About 56.23% done; ETC: 10:18 (0:24:08 remaining)
 
 Service scan Timing: About 62.21% done; ETC: 10:18 (0:20:48 remaining)
 
 Service scan Timing: About 68.20% done; ETC: 10:18 (0:17:29 remaining)
 
 Service scan Timing: About 74.18% done; ETC: 10:18 (0:14:11 remaining)
 
 Service scan Timing: About 80.16% done; ETC: 10:18 (0:10:53 remaining)
 
 Service scan Timing: About 85.64% done; ETC: 10:18 (0:07:55 remaining)
 
 Service scan Timing: About 91.63% done; ETC: 10:18 (0:04:37 remaining)
 
 Service scan Timing: About 97.61% done; ETC: 10:18 (0:01:19 remaining)
 
 Completed Service scan at 10:18, 3318.26s elapsed (1003 services on 1 host)
 
 Initiating OS detection (try #1) against 192.168.255.128
 
 Retrying OS detection (try #2) against 192.168.255.128
 
 NSE: Script scanning 192.168.255.128.
 
 Initiating NSE at 10:18
 
 Completed NSE at 10:19, 58.54s elapsed
 
 Initiating NSE at 10:19
 
 Completed NSE at 10:20, 55.01s elapsed
 
 Initiating NSE at 10:20
 
 Completed NSE at 10:20, 3.23s elapsed
 
 Nmap scan report for 192.168.255.128
 
 Host is up (0.00030s latency).
 
 Not shown: 999 open|filtered ports, 997 filtered ports
 
 PORT STATE SERVICE VERSION
 
 135/tcp open msrpc Microsoft Windows RPC
 
 139/tcp open netbios-ssn Microsoft Windows netbios-ssn
 
 |_smb-enum-services: ERROR: Script execution failed (use -d to debug)
 
 445/tcp open microsoft-ds?
 
 |_smb-enum-services: ERROR: Script execution failed (use -d to debug)
 
 137/udp open netbios-ns Microsoft Windows netbios-ssn (workgroup: WORKGROUP)
 
 MAC Address: 00:0C:29:3F:98:28 (VMware)
 
 Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
 
 Device type: general purpose
 
 Running (JUST GUESSING): Microsoft Windows XP|7|2008 (87%)
 
 OS CPE: cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows_server_2008::sp1 cpe:/o:microsoft:windows_server_2008:r2
 
 Aggressive OS guesses: Microsoft Windows XP SP2 (87%), Microsoft Windows 7 (85%), Microsoft Windows Server 2008 SP1 or Windows Server 2008 R2 (85%)
 
 No exact OS matches for host (test conditions non-ideal).
 
 Network Distance: 1 hop
 
 TCP Sequence Prediction: Difficulty=263 (Good luck!)
 
 IP ID Sequence Generation: Incremental
 
 Service Info: Host: DESKTOP-NBU6LUH; OS: Windows; CPE: cpe:/o:microsoft:windows
 
 Host script results:
 
 |_clock-skew: mean: -1s, deviation: 0s, median: -1s
 
 |_fcrdns: FAIL (No PTR record)
 
 | firewalk:
 
 | HOP HOST PROTOCOL BLOCKED PORTS
 
 |0 192.168.255.129 tcp 1,3-4,6-7,9,13,17,19-20
 
 |_ udp 2-3,7,9,13,17,19-22
 
 |_ipidseq: Incremental!
 
 |_msrpc-enum: Could not negotiate a connection:SMB: ERROR: Server disconnected the connection
 
 | nbstat: NetBIOS name: DESKTOP-NBU6LUH, NetBIOS user: <unknown>, NetBIOS MAC: 0:0c:29:3f:98:28 (VMware)

 | Names:
 
 | DESKTOP-NBU6LUH<00> Flags: <unique><active>
 
 | DESKTOP-NBU6LUH<20> Flags: <unique><active>
 
 |_ WORKGROUP<00> Flags: <group><active>
 
 |_path-mtu: PMTU ==1500
 
 | qscan:
 
 | PORT FAMILY MEAN (us) STDDEV LOSS (%)
 
 |1350 336.70 64.20 0.0%
 
 |1370 0.00 -0.00 100.0%
 
 |1391 296.20 31.76 0.0%
 
 |_445 0 311.30 31.15 0.0%
 
 | smb-mbenum:
 
 |_ ERROR: Failed to connect to browser service: Could not negotiate a connection:SMB: ERROR: Server disconnected the connection
 
 | smb-protocols:
 
 | dialects:
 
 | 2.02
 
 | 2.10
 
 | 3.00
 
 | 3.02
 
 |_ 3.11
 
 | smb2-capabilities:
 
 | 2.02:
 
 | Distributed File System
 
 | 2.10:
 
 | Distributed File System
 
 | Leasing
 
 | Multi-credit operations
 
 | 3.00:
 
 | Distributed File System
 
 | Leasing
 
 | Multi-credit operations
 
 | 3.02:
 
 | Distributed File System
 
 | Leasing
 
 | Multi-credit operations
 
 | 3.11:
 
 | Distributed File System
 
 | Leasing
 
 |_ Multi-credit operations
 
 | smb2-security-mode:
 
 | 2.02:
 
 |_ Message signing enabled but not required
 
 | smb2-time:
 
 | date: 2019-02-11 10:18:58
 
 |_ start_date: N/A
 
 | traceroute-geolocation:
 
 | HOP RTT ADDRESS GEOLOCATION
 
 |_ 1 0.30 192.168.255.128 - ,-
 
 TRACEROUTE
 
 HOP RTT ADDRESS
 
 1 0.30 ms 192.168.255.128
 
 NSE: Script Post-scanning.
 
 Initiating NSE at 10:20
 
 Completed NSE at 10:20, 0.00s elapsed
 
 Initiating NSE at 10:20
 
 Completed NSE at 10:20, 0.00s elapsed
 
 Initiating NSE at 10:20
 
 Completed NSE at 10:20, 0.00s elapsed
 
 Post-scan script results:
 
 | shodan-api: Shodan done: 0 hosts up.
 
 |_Wrote Shodan output to: scan.csv
 
 Read data files from: /usr/bin/../share/nmap
 
 OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
 
 Nmap done: 1 IP address (1 host up) scanned in 3459.12 seconds
 
 Raw packets sent: 4162 (157.776KB) | Rcvd: 27 (1.885KB)
 
 ┌─[x@parrot]─[~]
 
 └──╼ $

And this on Parrot after activating firewall:

 C:\Program Files (x86)\Nmap>nmap -sS -sU -T4 -A -v -PE -PP -PS80, 443 -PA3389 -PU40125 -PY -g 53 --script "default or (discovery and safe)" --script-args 'shodan-api.outfile=scan.csv,shodan-api.apikey=xxxxxxxxxxxxxxxxxxxxxx','mtrace.fromip=192.168.168.168' 192.168.255.129
 
 Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-11 17:07 W. Europe Standard Time
 
 NSE: Loaded 285 scripts for scanning.
 
 NSE: Script Pre-scanning.
 
 Initiating NSE at 17:07
 
 NSE: [shodan-api] Error: Please specify your ShodanAPI key with the shodan-api.apikey argument
 
NSE: [mtrace] A source IP must be provided through fromip argument.
 
 Completed NSE at 17:07, 10.54s elapsed
 
 Initiating NSE at 17:07
 
 Completed NSE at 17:07, 0.00s elapsed
 
 Initiating NSE at 17:07
 
 Completed NSE at 17:07, 0.00s elapsed
 
 Pre-scan script results:
 
 | broadcast-igmp-discovery:
 
 | 192.168.255.1
 
 | Interface: eth0
 
 | Version: 2
 
 | Group: 224.0.0.251
 
 | Description: mDNS (rfc6762)
 
 | 192.168.255.1
 
 | Interface: eth0
 
 | Version: 2
 
 | Group: 224.0.0.252
 
 | Description: Link-local Multicast Name Resolution (rfc4795)
 
 | 192.168.255.1
 
 | Interface: eth0
 
 | Version: 2
 
 | Group: 239.255.255.250
 
 | Description: Organization-Local Scope (rfc2365)
 
 |_ Use the newtargets script-arg to add the results as targets
 
 | broadcast-ping:
 
 | IP: 192.168.255.2 MAC: 00:50:56:e9:8e:fb
 
 |_ Use --script-args=newtargets to add the results as targets
 
 | targets-asn:
 
 |_ targets-asn.asn is a mandatory parameter
 
 Failed to resolve "443".
 
 Initiating ARPPing Scan at 17:07
 
 Scanning 192.168.255.129 [1 port]
 
 Completed ARPPing Scan at 17:07, 0.11s elapsed (1 total hosts)
 
 Initiating Parallel DNS resolution of 1 host. at 17:07
 
 Completed Parallel DNS resolution of 1 host. at 17:07, 0.01s elapsed
 
 Initiating SYN Stealth Scan at 17:07
 
 Scanning 192.168.255.129 [1000 ports]
 
 Completed SYN Stealth Scan at 17:07, 23.94s elapsed (1000 total ports)
 
 Initiating UDP Scan at 17:07
 
 Scanning 192.168.255.129 [1000 ports]
 
 Completed UDP Scan at 17:08, 23.95s elapsed (1000 total ports)
 
 Initiating Service scan at 17:08
 
 Scanning 1000 services on 192.168.255.129
 
 Service scan Timing: About 0.40% done
 
 Service scan Timing: About 3.10% done; ETC: 18:53 (1:42:07 remaining)
 
 Service scan Timing: About 6.10% done; ETC: 18:28 (1:15:26 remaining)
 
 Service scan Timing: About 9.10% done; ETC: 18:20 (1:05:16 remaining)
 
 Service scan Timing: About 12.10% done; ETC: 18:15 (0:59:20 remaining)
 
 Service scan Timing: About 15.10% done; ETC: 18:13 (0:55:06 remaining)
 
 Service scan Timing: About 18.10% done; ETC: 18:11 (0:51:44 remaining)
 
 Service scan Timing: About 23.40% done; ETC: 18:04 (0:43:03 remaining)
 
 Service scan Timing: About 24.10% done; ETC: 18:09 (0:46:18 remaining)
 
 Service scan Timing: About 29.30% done; ETC: 18:04 (0:39:37 remaining)
 
 Service scan Timing: About 35.30% done; ETC: 18:04 (0:36:05 remaining)
 
 Service scan Timing: About 41.30% done; ETC: 18:03 (0:32:37 remaining)
 
 Service scan Timing: About 47.30% done; ETC: 18:03 (0:29:13 remaining)
 
 Service scan Timing: About 53.30% done; ETC: 18:03 (0:25:50 remaining)
 
 Service scan Timing: About 59.30% done; ETC: 18:03 (0:22:29 remaining)
 
 Service scan Timing: About 65.30% done; ETC: 18:03 (0:19:08 remaining)
 
 Service scan Timing: About 71.30% done; ETC: 18:03 (0:15:49 remaining)
 
 Service scan Timing: About 77.30% done; ETC: 18:03 (0:12:29 remaining)
 
 Service scan Timing: About 83.30% done; ETC: 18:03 (0:09:11 remaining)
 
 Service scan Timing: About 88.80% done; ETC: 18:03 (0:06:11 remaining)
 
 Service scan Timing: About 94.80% done; ETC: 18:03 (0:02:52 remaining)
 
 Service scan Timing: About 99.10% done; ETC: 18:04 (0:00:30 remaining)
 
 Completed Service scan at 18:03, 3330.79s elapsed (1000 services on 1 host)
 
 Initiating OS detection (try #1) against 192.168.255.129
 
 Retrying OS detection (try #2) against 192.168.255.129
 
 NSE: Script scanning 192.168.255.129.
 
 Initiating NSE at 18:03
 
 Completed NSE at 18:04, 48.47s elapsed
 
 Initiating NSE at 18:04
 
 NSOCK ERROR [3469.3630s] mksock_bind_addr(): Bind to 0.0.0.0:123 failed (IOD #284): An attempt was made to access a socket in a way forbidden by its access permissions. (10013)
 
 NSOCK ERROR [3487.5230s] mksock_bind_addr(): Bind to 0.0.0.0:123 failed (IOD #654): An attempt was made to access a socket in a way forbidden by its access permissions. (10013)
 
 NSOCK ERROR [3503.6620s] mksock_bind_addr(): Bind to 0.0.0.0:123 failed (IOD #994): An attempt was made to access a socket in a way forbidden by its access permissions. (10013)
 
 Completed NSE at 18:05, 48.61s elapsed
 
 Initiating NSE at 18:05
 
 Completed NSE at 18:05, 3.19s elapsed
 
 Nmap scan report for 192.168.255.129
 
 Host is up (0.00s latency).
 
 All 2000 scanned ports on 192.168.255.129 are filtered (1000) or open|filtered (1000)
 
 MAC Address: 00:0C:29:2C:42:10 (VMware)
 
 Too many fingerprints match this host to give specific OS details
 
 Network Distance: 1 hop
 
 Host script results:
 
 |_fcrdns: FAIL (No PTR record)
 
 | firewalk:
 
 | HOP HOST PROTOCOL BLOCKED PORTS
 
 |0 192.168.255.128 tcp 1,3-4,6-7,9,13,17,19-20
 
 |_ udp 2-3,7,9,13,17,19-22
 
 | traceroute-geolocation:
 
 | HOP RTT ADDRESS GEOLOCATION
 
 |_ 1 0.00 192.168.255.129 - ,-
 
 TRACEROUTE
 
 HOP RTT ADDRESS
 
 1 0.00 ms 192.168.255.129
 
 NSE: Script Post-scanning.
 
 Initiating NSE at 18:05
 
 Completed NSE at 18:05, 0.00s elapsed
 
 Initiating NSE at 18:05
 
 Completed NSE at 18:05, 0.00s elapsed
 
 Initiating NSE at 18:05
 
 Completed NSE at 18:05, 0.00s elapsed
 
 Read data files from: C:\Program Files (x86)\Nmap
 
 OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
 
 Nmap done: 1 IP address (1 host up) scanned in 3510.96 seconds
 
 Raw packets sent: 4077 (152.038KB) | Rcvd: 5 (680B)
 
 C:\Program Files (x86)\Nmap>

Before we may accept any of this data as real/correct, please rerun your command but use a real Shodan API key and provide a real source IP. We cannot validate any of your data as real, as you are using a template command and not a command that actually functions as it should. We will be closing this topic unless you can reply with the output after using a proper working nmap command and not a template command. Also, please validate with another OS's VM to verify if the open ports are caused by VMware and not Parrot. And please remember to modify your mtrace. If you do not, the scan is worthless.

Hi,
I masked out the Shodan API key in the two first for privacy concerns. And the last was run without any key, when I realized that it would not have any effect on a local scan. I can not see how the source IP would affect the results either.

I will replicate the experiment and provide the results with the right parameters dialled in, which I didn’t take the time to do at the moment.

But I can’t really understand how the VM could affect the results. The VM is just a container for the OS, and the NAT/bridge is just the virtual network infrastructure. Also, the results difference between the two should also provide some evidence.

I am not trying to put anything or anyone down, but I am raising a concern, as I would like to help to improve, if indeed it is the case of my findings.

By the way:
The mtrace parameter was omitted by accident. Much because the whole experiment was to replicate a port scan and a SYN flood on a target and record it in Wireshark to try to prove or disprove a hypothesis in my academic Term Paper, so I wasn’t too thorough with the right parameters because it was not needed.

Alright, we will look into this some more.
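
An added example, not part of the original posts and not Nmap's own tooling: a small Python triage of the port tables quoted in this thread, separating ports that actually answered (`open`) from the `open|filtered` ones the Nmap documentation describes, and checking which listeners disappeared once the firewall was on. The sample text is abridged from the scans of 192.168.255.129 above; the function names `triage` and `closed_by_firewall` are hypothetical.

```python
import re

# Constructed samples: lines copied (abridged) from the two scans of
# 192.168.255.129 quoted in this thread, before and after the firewall.
BEFORE_FIREWALL = """\
Nmap scan report for 192.168.255.129
Not shown: 1981 closed ports
PORT STATE SERVICE VERSION
139/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
445/tcp open netbios-ssn Samba smbd 4.9.4-Debian (workgroup: WORKGROUP)
68/udp open|filtered dhcpc
137/udp open netbios-ns Samba nmbd netbios-ns (workgroup: WORKGROUP)
138/udp open|filtered netbios-dgm
389/udp open|filtered ldap
16449/udp open|filtered unknown
| smb-protocols:
| dialects:
| NT LM 0.12 (SMBv1) [dangerous, but default]
| 2.02
|_ 3.11
| smb-security-mode:
| account_used: guest
|_ message_signing: disabled (dangerous, but default)
"""

AFTER_FIREWALL = """\
Nmap scan report for 192.168.255.129
Host is up (0.00s latency).
All 2000 scanned ports on 192.168.255.129 are filtered (1000) or open|filtered (1000)
"""

# One row of the port table: "<port>/<proto> <state> <service> [version...]"
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")


def triage(report):
    """Split a normal-format Nmap report into confirmed and ambiguous ports.

    confirmed: state is exactly "open", so a service replied to the probe.
    ambiguous: state is "open|filtered", so no reply came back and the
               scanner cannot tell a silent listener from a dropped probe.
    warnings:  NSE script lines that Nmap itself labels "dangerous".
    """
    result = {"confirmed": [], "ambiguous": [], "other": [], "warnings": []}
    for raw in report.splitlines():
        line = raw.strip()
        match = PORT_LINE.match(line)
        if match:
            port, proto, state, service, version = match.groups()
            entry = (int(port), proto, service, version or "")
            if state == "open":
                result["confirmed"].append(entry)
            elif state == "open|filtered":
                result["ambiguous"].append(entry)
            else:
                result["other"].append(entry)
        elif line.startswith("|") and "dangerous" in line:
            # Drop the NSE tree prefix ("| " or "|_ ") and keep the finding.
            result["warnings"].append(line.lstrip("|_ "))
    return result


def closed_by_firewall(before, after):
    """Return (port, proto) pairs confirmed open before but not after."""
    was_open = {(p, proto) for p, proto, _, _ in triage(before)["confirmed"]}
    still_open = {(p, proto) for p, proto, _, _ in triage(after)["confirmed"]}
    return was_open - still_open


if __name__ == "__main__":
    findings = triage(BEFORE_FIREWALL)
    for port, proto, service, version in findings["confirmed"]:
        print(f"confirmed listener: {port}/{proto} {service} {version}")
    for port, proto, service, _ in findings["ambiguous"]:
        print(f"no reply (verify on host): {port}/{proto} {service}")
    for warning in findings["warnings"]:
        print(f"script warning: {warning}")
    gone = sorted(closed_by_firewall(BEFORE_FIREWALL, AFTER_FIREWALL))
    print("no longer reachable after firewall:", gone)
```

On the scanned host itself, `ss -lun` shows which of the ambiguous UDP ports really have a listener bound.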