Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: NMAP and IPSEC on Windows 2000
From: Chad Loder <cloder () acm org>
Date: Fri, 19 Mar 2004 11:21:52 -0800

Jodi,

Do you have the Windows 2000 hotfix for NAT/T support
installed?  It is known to break raw socket support on
Win2k, so you should uninstall it if you have it.  The
patch number is Q818043 and you can probably see it
in your Add/Remove Programs control panel.

I reported this breakage to Microsoft months ago, but
it's probable they still haven't fixed it.  We should
probably add something to a README file somewhere
(fyodor?).

You can also try stopping the IPSEC service by doing:

        net stop policyagent

from the command line.  Things should work after that.

If you want to complain to Microsoft, you can reference
case #SRX030605602592 and tell them to get this fixed.
Otherwise they will never release a patch.

Best regards,
        Chad Loder
        Rapid7, Inc.
        http://www.rapid7.com

On Tue, Mar 16, 2004 at 12:02:40PM -0800, Jodi C wrote:
Hello,
 
I am having a problem with NMAP that I could not google or glean from your site.  I have a simply IPSEC policy on a 
Windows 2000 Server that is not part of a domain.  There are three rules in IPSEC that have worked pefrectly well for 
the intended purpose:
1.) Default Response Rule
2.) Deny TCP 445 and TCP 3389 - block from everyone
3.) Permit TCP 445 and TCP 3389 - Allow from only a handful of machines on our network.
 
If the policy is applied, NMAP returns no response at all and appears to hang.
If the policy is deactivated, NMAP returns a response in a few seconds.
 
I have tried unchecking all three filters, but still no response.  I am using "NMAP -sS -P0 -oN [IP]".  
 
Have you any known problems with Windows 2000 IPSEC and NMAP?  
 
Thanks for your help and the great tool,
 
J
 
 

Do you Yahoo!?
Yahoo! Mail - More reliable, more storage, less spam

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List archive: http://seclists.org



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]