Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: Apparent Bug in Nmap
From: Fyodor <fyodor () insecure org>
Date: Thu, 4 Jun 2009 14:44:43 -0700

On Thu, Jun 04, 2009 at 11:38:03AM -0500, sbammel wrote:
Test #2: (shows 10.11.0.1 up when it is not)

Nmap Command:
c:\Temp\nmap>nmap -sP 10.11.0.2 10.11.0.1
Starting Nmap 4.85BETA9 ( http://nmap.org ) at 2009-06-04 11:19 Central Daylight Time
Host 10.11.0.1 is up (0.00s latency).
Nmap done: 2 IP addresses (1 host up) scanned in 1.74 seconds

Ethereal Output:
No.     Time        Source                Destination           Protocol Info
     10 11.277806   10.10.0.81            10.11.0.1             TCP      62969 > http [ACK] Seq=0 Ack=0 Win=3072 Len=0
     11 11.278167   10.11.0.1             10.10.0.81            ICMP     Destination unreachable (Host unreachable)

Hi Stanley.  Whether to consider a host "up" can be a touch policy
decision.  We tend to err on the side of considering hosts up rather
than being too strict about it.  In this case above, Nmap receives a
packet purportedly FROM 10.11.0.1 claiming that it is not reachable.
Well, it was reachable enough that we got a response from that IP, so
we consider it reachable enough to continue scanning.

Now if the unreachable comes from a different IP address than the
target, we treat it differently.

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault