Nmap Development mailing list archives

Re: Nmap ICMP/TCP Ping Insubordination
From: Fyodor <fyodor () insecure org>
Date: Mon, 5 Jul 2004 00:43:39 -0700

On Mon, Jun 07, 2004 at 11:40:59AM +0300, Noam Rathaus wrote:
> Hi,
>
> I noticed a very inconsistent (with the man file) behavior of Nmap, I run two
> command lines:
> 1) ./nmap-3.50/nmap -PT80 -sP -d -n www.microsoft.com
> (under the root user)
> 2) /nmap-3.50/nmap -PT80 -sP -d -n www.microsoft.com
> (under the non-root user)

The difference is because -PT80 sends a TCP ACK probe when you are
root.  However, when non-root it has to fall back to connect(), which
effectively sends a SYN packet.  Meanwhile, Microsoft has a stateful
firewall in place which blocks the unexpected ACK packets (root user
case), while allowing the SYN (non-root user) because that just looks
like a normal connection attempt.  To get the same behavior in both
cases, use -PS80 instead of -PT80.

Cheers,
Fyodor

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List archive: http://seclists.org
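
Added example, not part of the original message and not Nmap code: a toy model of the filtering behaviour described in the reply, showing why an unsolicited ACK gets no answer through a connection-tracking firewall while a SYN to an open port does. The class and function names, the policy and the addresses (documentation ranges) are constructed for illustration; the stateless case goes beyond the message and is included only for contrast.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset            # TCP flags set on the probe, e.g. {"SYN"}

@dataclass
class Filter:
    """Toy packet filter in front of one web server (assumed policy)."""
    allowed_ports: set
    stateful: bool = True
    table: set = field(default_factory=set)   # tracked flows

    def inbound(self, seg):
        if seg.dport not in self.allowed_ports:
            return "DROP"
        key = (seg.src, seg.sport, seg.dst, seg.dport)
        if seg.flags == {"SYN"}:
            self.table.add(key)                # new connection attempt
            return "ACCEPT"
        if not self.stateful:
            return "ACCEPT"                    # port-only rule, no tracking
        # Stateful: a non-SYN segment must belong to a tracked flow.
        return "ACCEPT" if key in self.table else "DROP"

def server_reply(seg):
    """Reply of a listening TCP stack to a lone probe segment."""
    if seg.flags == {"SYN"}:
        return {"SYN", "ACK"}
    if seg.flags == {"ACK"}:
        return {"RST"}                         # no such connection: reset
    return None

def host_seems_up(fw, flags):
    """True if the scanner would receive any reply to its probe."""
    probe = Segment("198.51.100.7", 40000, "192.0.2.10", 80, frozenset(flags))
    if fw.inbound(probe) == "DROP":
        return False                           # silence looks like a down host
    return server_reply(probe) is not None

if __name__ == "__main__":
    print("ACK probe, stateful filter: ", host_seems_up(Filter({80}), {"ACK"}))
    print("SYN probe, stateful filter: ", host_seems_up(Filter({80}), {"SYN"}))
    print("ACK probe, stateless filter:",
          host_seems_up(Filter({80}, stateful=False), {"ACK"}))
```
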


