Nmap Development: Re: MAC replies

Re: MAC replies

From: <mark_at_lachniet.com>
Date: Tue, 19 Oct 2004 09:57:06 -0400 (EDT)

In a strange (but probably RARE on a LAN) case, you could have a firewall
or other device proxy-arp'ing for its NAT service or some kind of proxy,
when in fact the host on the other side of the device is actually down.
So that would be a false positive. I could see this happening if you were
portscanning, say, a DMZ from an inside network, or vice versa.

This isn't a particularly important hole in your theory, though, since
what you are describing would work pretty well for a LAN portscan in most
cases.

Mark Lachniet

> Now that nmap has the ability to log MAC addresses does it use the fact
> that it got an arp reply to establish that the host is in fact up, my
> idea here basically is that an ARP reply is basically the only sure way
> to determine if a host is up or not, if you don't get one, then that
> host must be down, if you do in 99.99% of cases it is up (feel free to
> correct me), so does, or should nmap use a positive ARP reply to say
> that the host is up?
> On top of that, ARP replies are also much faster than scanning all
> ports on closed hosts (-P0).
>
>
>
> Adam
>
>
> Where is it written in the Constitution, in what article or section is
> it contained, that you may take children from their parents and parents
> from their children, and compel them to fight the battles of any war in
> which the folly and wickedness of the government may engage itself?
> Under what concealment has this power lain hidden, which now for the
> first time comes forth, with a tremendous and baleful aspect, to
> trample down and destroy the dearest right of personal liberty? Who
> will show me any Constitutional injunction which makes it the duty of
> the American people to surrender everything valuable in life, and even
> life, itself, whenever the purposes of an ambitious and mischievous
> government may require it? . . . A free government with an uncontrolled
> power of military conscription is the most ridiculous and abominable
> contradiction and nonsense that ever entered into the heads of men.
> -Daniel Webster
>
>
> ---------------------------------------------------------------------
> For help using this (nmap-dev) mailing list, send a blank email to
> nmap-dev-help@insecure.org . List archive: http://seclists.org
>
>

Received on Oct 19 2004
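
The proxy-ARP false positive raised in this reply tends to show up in ARP results as one MAC address answering for several IP addresses. The following is an added example, not code from the thread or from Nmap: a Python check that flags that pattern in output shaped like Linux `ip neigh show`. The sample table and the verdict labels are constructed for illustration, and a shared MAC can also be a single host with several addresses, so the flag is a hint to verify with a second probe, not proof.

```python
import re
from collections import defaultdict

# Constructed sample, in the format Linux `ip neigh show` prints.
SAMPLE_NEIGH = """\
192.0.2.10 dev eth0 lladdr 00:16:3e:aa:00:10 REACHABLE
192.0.2.11 dev eth0 lladdr 00:16:3e:aa:00:11 STALE
192.0.2.1 dev eth0 lladdr 00:16:3e:ff:00:01 REACHABLE
192.0.2.50 dev eth0 lladdr 00:16:3e:ff:00:01 REACHABLE
192.0.2.51 dev eth0 lladdr 00:16:3e:ff:00:01 STALE
192.0.2.99 dev eth0  FAILED
"""

LINE_RE = re.compile(
    r"^(?P<ip>\S+)\s+dev\s+\S+"
    r"(?:\s+lladdr\s+(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}))?"
    r"\s+(?P<state>[A-Z]+)\s*$",
    re.IGNORECASE,
)

def parse_neigh(text):
    """Return (ip, mac_or_None, state) for each recognisable line."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            mac = m.group("mac")
            rows.append((m.group("ip"), mac.lower() if mac else None,
                         m.group("state").upper()))
    return rows

def classify(rows):
    """Map each IP to a verdict (labels are this example's own)."""
    by_mac = defaultdict(list)
    for ip, mac, _state in rows:
        if mac:
            by_mac[mac].append(ip)
    verdicts = {}
    for ip, mac, _state in rows:
        if mac is None:
            verdicts[ip] = "no-arp-answer"          # nothing resolved the IP
        elif len(by_mac[mac]) > 1:
            verdicts[ip] = "arp-answer-shared-mac"  # possible proxy ARP
        else:
            verdicts[ip] = "arp-answer"             # MAC unique to this IP
    return verdicts

if __name__ == "__main__":
    for ip, verdict in classify(parse_neigh(SAMPLE_NEIGH)).items():
        print(f"{ip:15} {verdict}")
```

Every address behind the shared MAC is flagged, including the device's own, because the table alone cannot tell which of them the device really owns.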
