mailing list archives
Re: Apparent Bug in Nmap
From: Fyodor <fyodor () insecure org>
Date: Thu, 4 Jun 2009 14:44:43 -0700
On Thu, Jun 04, 2009 at 11:38:03AM -0500, sbammel wrote:
Test #2: (shows 10.11.0.1 up when it is not)
c:\Temp\nmap>nmap -sP 10.11.0.2 10.11.0.1
Starting Nmap 4.85BETA9 ( http://nmap.org ) at 2009-06-04 11:19 Central Daylight Time
Host 10.11.0.1 is up (0.00s latency).
Nmap done: 2 IP addresses (1 host up) scanned in 1.74 seconds
No. Time Source Destination Protocol Info
10 11.277806 10.10.0.81 10.11.0.1 TCP 62969 > http [ACK] Seq=0 Ack=0 Win=3072 Len=0
11 11.278167 10.11.0.1 10.10.0.81 ICMP Destination unreachable (Host unreachable)
Hi Stanley. Whether to consider a host "up" can be a touch policy
decision. We tend to err on the side of considering hosts up rather
than being too strict about it. In this case above, Nmap receives a
packet purportedly FROM 10.11.0.1 claiming that it is not reachable.
Well, it was reachable enough that we got a response from that IP, so
we consider it reachable enough to continue scanning.
Now if the unreachable comes from a different IP address than the
target, we treat it differently.
Sent through the nmap-dev mailing list
Archived at http://SecLists.Org