I am scanning a fairly large network using -sS and I have some hosts
respond to nmap's SYN packet with only an ACK. I know this is a strange
way to behave for a host. Has anyone ever seens this before? It seems
intermittent because when I scan the host a second time, all is good.
Even when I craft the exact same packets using hping2, the host will
responds with SYN ACK (as it should).
The thing is, nmap 4.20 never reacts to these ACK packet. The port shows
up as filtered, and is not used to send TCP probes to either. I am not
sure what "state" nmap should give to such a port. Maybe open|filtered ?
--
Richard van den Berg
Senior Consultant, INS
E-mail: richard.vandenberg_at_ins.com
Mobile: +31 (0)6-52071109
PGP Key ID: 0x6614D2AC
Fingerprint: 6829 0AD3 2F49 6D83 B65E E235 B8D3 8299 6614 D2AC
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Received on Feb 03 2007
Intro
