Nmap Development mailing list archives

Re: Nmap does not perform reliable scans on Solaris 11
From: "Giovanni Schmid" <giovanni.schmid () na icar cnr it>
Date: Sun, 22 May 2011 00:49:09 +0200 (CEST)

On Sat, May 21, 2011 at 08:33:57PM +0200, Giovanni Schmid wrote:
On Mon, May 16, 2011 at 08:46:06PM +0200, Giovanni Schmid wrote:

I tested Nmap 5.21 on Oracle Solaris 11 and found that it only
apparently works. Actually, many different scan sessions (with
different options and targets) got wrong results. For ex., the
following scan is related to a host with 22/tcp (SSH) and 111/tcp
(rpcbind) open; however the two services are not detected. Moreover,
turning off the -PN option results in a host apparently blocking up
ping probes. This is not the case, instead.

# nmap -A

Starting Nmap 5.21 ( http://nmap.org/ ) at 2011-05-16 20:13 CEST
Note: Host seems down. If it is really up, but blocking our ping
try -PN
Nmap done: 1 IP address (0 hosts up) scanned in 3.60 seconds

# nmap -PN -A

Starting Nmap 5.21 ( http://nmap.org/ ) at 2011-05-16 20:14 CEST
Nmap scan report for
Host is up.
All 1000 scanned ports on are filtered
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
1   ... 30

# nmap -PN -sS

Starting Nmap 5.21 ( http://nmap.org/ ) at 2011-05-16 20:34 CEST
Nmap scan report for
Host is up.
All 1000 scanned ports on are filtered

Nmap done: 1 IP address (1 host up) scanned in 201.16 seconds

Thank you for reporting this. We need some more information from you.
the wrong results happen every time, or only sometimes? Is it only
IP address that has the problem, or other LAN addresses, or all

Hi David.

The wrong results happen every time, and for different hosts in the same
LAN. There were no firewalls among the targets and the scanning host.
Moreover, I compared the results for the above targets against another
scanning host running Nmap 4.x on Linux in the same LAN, and in this
case the results were correct.

It looks like you are getting no responses at all from the target. Is
there a firewall or something similar in the way? What output do you
when you run the command
   ssh -v

At this moment I cannot run the above command, since I am at home and in not reachable through the Internet. However
is a Solaris 11 box too, and its sshd should be

Sun_SSH_1.3, SSH protocols 1.5/2.0, OpenSSL 0x0090801f

or above.

I didn't mean to ask for the SSH version number; it's just that I would
be surprised if ssh works at all if Nmap can get no responses.

Can you try the scan again, this time with --unprivileged?

David Fifield

OK, I will do the unprivileged scan on Monday and will let you know.
However, SSH connections from the scanning host to the targets worked
perfectly during the test. I can say this with confidence because I used
SSH to log to the targets before, during and after the scan sessions and
it worked.

Giovanni Schmid

Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
