Richard van den Berg wrote:
> I've not seen a SYN coming from the remote host in this situation.
> However, since the ACK triggers a RESET from my local system this might
> be the reason. It's not likely though since the ACK and SYN should have
> been sent at the same time and I should have seen it arrive. It's too
> bad I cannot reproduce the issue when testing manually with netcat and
> hping2.
I agree with you on the ACK and SYN timing stuff, but, again, I don't
think the ACK|SYN would be separate in the first place.
> I don't know what these remote hosts are running. I've seen the issue
> with different hosts on the same network. It could be an active device
> in front of the real servers acting this way..
>
Hmm.. do your results change when using options like --data-length (or
maybe -f)? I'm not sure if that would help any, but it might narrow it
down some. I can hope, right? :)
Is it hosts *only* on this particular network? Have you had these
results anywhere else? Have you scanned from different networks?
Thanks,
Kris Katterjohn
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Received on Feb 04 2007
Intro
