Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

nmap-dev logo Nmap Development mailing list archives

Re: NMAP and IPSEC on Windows 2000
From: "CBuH." <479001601 () mail ru>
Date: Wed, 17 Mar 2004 09:10:49 +0300
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday 16 March 2004 23:02, Jodi C wrote:

Hello,

I am having a problem with NMAP that I could not google or glean from your
site.  I have a simply IPSEC policy on a Windows 2000 Server that is not
part of a domain.  There are three rules in IPSEC that have worked
pefrectly well for the intended purpose: 1.) Default Response Rule
2.) Deny TCP 445 and TCP 3389 - block from everyone
3.) Permit TCP 445 and TCP 3389 - Allow from only a handful of machines on
our network.

If the policy is applied, NMAP returns no response at all and appears to
hang. If the policy is deactivated, NMAP returns a response in a few
seconds.

I have tried unchecking all three filters, but still no response.  I am
using "NMAP -sS -P0 -oN [IP]".

Have you any known problems with Windows 2000 IPSEC and NMAP?

Thanks for your help and the great tool,

J



Do you Yahoo!?
Yahoo! Mail - More reliable, more storage, less spam



I have such a thing.

I have blocked all RST segments to answer on any TCP segments on my closed 
port (FreeBSD: sysctl net.inet.tcp.blackhole=1). Then nmap has to wait 
timeout (own I think) of his ``-sS''. But I do use it in background, and mail 
to self the results... 

smth'n like this:


Adding open port 139/tcp
adjust_timeout: packet supposedly had rtt of 8998802 microseconds.  Ignoring 
time.
adjust_timeout: packet supposedly had rtt of 8999683 microseconds.  Ignoring 
time.
adjust_timeout: packet supposedly had rtt of 8999304 microseconds.  Ignoring 
time.
adjust_timeout: packet supposedly had rtt of 8999123 microseconds.  Ignoring 
time.
adjust_timeout: packet supposedly had rtt of 8998997 microseconds.  Ignoring 
time.
adjust_timeout: packet supposedly had rtt of 8998917 microseconds.  Ignoring 
time.
adjust_timeout: packet supposedly had rtt of 20998982 microseconds.  Ignoring 
time.
adjust_timeout: packet supposedly had rtt of 20999879 microseconds.  Ignoring 
time.
adjust_timeout: packet supposedly had rtt of 20999501 microseconds.  Ignoring 
time.
adjust_timeout: packet supposedly had rtt of 20999304 microseconds.  Ignoring 
time.
adjust_timeout: packet supposedly had rtt of 20999177 microseconds.  Ignoring 
time.
adjust_timeout: packet supposedly had rtt of 20999097 microseconds.  Ignoring 
time.
Adding open port 587/tcp


Best wishes, folks!
- -- 

        CBuH. CG[CX] XVyGYjau 479001600(at)mail.ru, ICQ#70929413
        GnuPG(PGP) public key is: http://www.vinnied.narod.ru/pubkey.asc
        http://www.vinnied.narod.ru

        
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)

iD8DBQFAV+vp5Cj3gqxcdCoRAoCvAJ9p6WeDuZt+sOyn+SMv1//SljwqmQCdGZ9K
UOyMwDzAve2OkuPFxIQdYqU=
=LtjM
-----END PGP SIGNATURE-----


---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to
nmap-dev-help () insecure org . List archive: http://seclists.org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]