Nmap Development mailing list archives

nmap not working in Amazon's VPC
From: Eugenio Jimenes <eugenio.jimenes () siteblindado com br>
Date: Thu, 9 Jan 2014 15:48:00 -0200


We have a service that uses nmap as the starting point of a security assessment.

During development we didn't face any problems. The way we used to call
this command was:
$ sudo nmap -sP -PA21,22,23,25,53,80,135,137,139,143,443,445,8080,3128

However, when we released this solution in the production environment (using
VPC), the EC2 that executes the nmap command is inside a private subnet and
uses a NAT to get access to the outside internet ... the expected result of
the nmap command should be:

Starting Nmap 6.00 ( http://nmap.org ) at 2014-01-09 14:37 BRST
Nmap scan report for google.com.br (
Host is up (0.00027s latency).
Other addresses for google.com.br (not scanned):
rDNS record for gru06s09-in-f24.1e100.net
Nmap done: 1 IP address (1 host up) scanned in 10.07 seconds

BUT we are getting this:
Starting Nmap 6.00 ( http://nmap.org ) at 2014-01-09 16:57 UTC
Note: Host seems down. If it is really up, but blocking our ping probes,
try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 5.10 seconds

So, for the server inside the VPC, the Google host is out of service.

We've already double-checked the route table rules and security group
configuration, and they seem to be OK. How can we troubleshoot this in order
to find the root cause of the problem?




Eugenio Augusto Jimenes
Mid-level Security Analyst - Site Blindado/Site Blindado Labs
Bachelor's student in Computer Science - USP / IME

eugenio.jimenes () siteblindado com br

Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/
