Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: SCTP scanme system at scanme.csnc.ch
From: Daniel Roethlisberger <daniel () roe ch>
Date: Sat, 13 Jun 2009 16:10:23 +0200

Brandon Enright <bmenrigh () ucsd edu> 2009-06-12:
My results are coming back filtered:

$  sudo nmap -sY -PN -T5 --reason -p 7,9 -v -n scanme.csnc.ch

Starting Nmap 4.85BETA10 ( http://nmap.org ) at 2009-06-12 23:06 UTC
NSE: Loaded 0 scripts for scanning.
Initiating SCTP INIT Scan at 23:06
Scanning 213.144.141.30 [2 ports]
Completed SCTP INIT Scan at 23:06, 1.51s elapsed (2 total ports)
Host 213.144.141.30 is up, received user-set.
Interesting ports on 213.144.141.30:
PORT   STATE    SERVICE REASON
7/sctp filtered echo    no-response
9/sctp filtered discard no-response

Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 1.58 seconds
           Raw packets sent: 4 (208B) | Rcvd: 0 (0B)


I can't figure out what is filtering the packets though.  I manually
did a SCTP traceroute by using Nmap's --ttl feature and found that this
hop is dropping all ICMP TTL exceeded messages (traceroute dead end):

13  adsl-130-143.dsl.init7.net (213.144.130.143)  177.548 ms  175.733 ms  176.90

All the hops leading up to this one encapsulate my SCTP packets
properly so I know my scan is at least getting 13 hops out.

I verified connectivity from several Internet locations and can
reach scanme just fine from everywhere.  It is possible that you
tested during a short time frame while the scanme box was
rebooting or offline due to recabling it yesterday.

-- 
Daniel Roethlisberger
http://daniel.roe.ch/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]