Home page logo
/

nmap-dev logo Nmap Development mailing list archives

interpreting results
From: Joao Daniel <joaodanielnevesss () hotmail com>
Date: Tue, 18 Oct 2011 14:40:25 -0200

Hi,

I have create a virtual Windows XP machine (VMware) and installed NOD32 Internet Security
with include ( of course ) a firewall.

So, to have some fun I tried to map the firewall rules (of the virtual machine).

#nmap -sP -PA139 --send-ip -n 172.16.13.14
Nmap reports host down.

As the guys know -PA parameter sends ACK packages. Seeding a ACK without seeding
an SYN makes the packages invalid.

But if I ran:
#nmap -sP -PS139 --send-ip -n172.16.13.14
Nmap reports host up.

I have also tried:
#nmap -sP -PS'other_port' --send-ip -n 172.16.13.14
Nmap reports host down.

Nmap only reports host up if I choose one of the fowling ports 135,139,445 (the 'default' windows ports)

Conclusions:

I suppose that the firewall block invalid TCP packets. (See the first scan)

I have a felling that the firewall is blocking probes for other port because the virtual machine
do not run a service on that port. (Third scan)

So, What I would like to ask is:

1) Are my conclusions right?

2)What more can I do to discover more about this host?

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
  • interpreting results Joao Daniel (Oct 18)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]