Nmap Development mailing list archives
Wrong syn scan results because of MSS
From: Juergen Schmidt <ju () heisec de>
Date: Tue, 22 Nov 2005 18:02:48 +0100 (CET)
Hello,

I just found a case where an nmap SYN scan (-sS) reported wrong results on an Asus router. While the connect scan (-sT) reported port 80 as open, which was correct, -sS displayed all ports as filtered.

Digging deeper, I found that the major difference between the first two packets in the scan was that nmap did not set an MSS on the first SYN in SYN scan mode. And this packet was not answered by the router. On the Asus router I really found a matching iptables rule:

Chain INPUT
DROP tcp -- anywhere anywhere tcp option=!2 flags:SYN/SYN

TCP option 2 is the MSS, so that was the cause of the wrong results.

So is there an option to set an MSS on SYN packets generated by nmap -sS? I did not find any.

The Asus router was in its default configuration.

bye, ju

PS: Please CC me on answers to this.

--
Juergen Schmidt Chefredakteur heise Security www.heisec.de
Heise Zeitschriften Verlag, Helstorferstr. 7, D-30625 Hannover
Tel. +49 511 5352 300 FAX +49 511 5352 417 EMail ju () heisec de
GPG-Key: 0x38EA4970, 5D7B 476D 84D5 94FF E7C5 67BE F895 0A18 38EA 4970

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
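The behaviour described in the post, reproduced as an added example (this is editor-supplied code, not nmap's and not anything the poster sent): a minimal raw TCP SYN builder that can emit a bare SYN with no options (what the post says nmap -sS sent) or a SYN carrying the MSS option (kind 2, what an OS stack adds for a connect scan), plus a TCP option walker and a verdict function that models the quoted iptables rule "DROP tcp ... tcp option=!2 flags:SYN/SYN", i.e. drop when the SYN bit is set and option kind 2 is absent. The segments are constructed in-line (no IP header, checksum left zero, port numbers and MSS value chosen arbitrarily), and the verdict function is a model of the rule's logic, not iptables itself.

```python
import struct

# TCP flag bits and option kinds (RFC 793 / RFC 9293)
TCP_SYN = 0x02
TCP_ACK = 0x10
TCPOPT_EOL = 0   # end of option list
TCPOPT_NOP = 1   # single-byte padding
TCPOPT_MSS = 2   # maximum segment size, kind 2, length 4


def build_segment(src_port, dst_port, seq, flags=TCP_SYN, mss=None):
    """Construct a raw TCP segment (header + options, no payload).

    mss=None yields a bare SYN with no options, as the post describes for
    nmap -sS. An integer appends the MSS option (kind 2, length 4), as an
    OS stack does on the SYN of an ordinary connect(). The checksum is
    left at zero because this example never transmits the bytes.
    """
    options = b""
    if mss is not None:
        options = struct.pack("!BBH", TCPOPT_MSS, 4, mss)
    # The options field must end on a 32-bit boundary; pad with EOL.
    while len(options) % 4:
        options += bytes([TCPOPT_EOL])
    data_offset = (20 + len(options)) // 4          # header length in 32-bit words
    header = struct.pack("!HHIIBBHHH",
                         src_port, dst_port,
                         seq, 0,                     # sequence, acknowledgement
                         data_offset << 4,           # data offset in the high nibble
                         flags,
                         65535,                      # window
                         0, 0)                       # checksum, urgent pointer
    return header + options


def tcp_flags(segment):
    """Flag byte of a raw TCP segment (byte 13)."""
    return segment[13]


def tcp_options(segment):
    """Return the set of option kinds present in a raw TCP segment.

    Walks the option list the way a firewall's --tcp-option match has to:
    NOP is one byte, EOL terminates the list, everything else carries a
    length byte. Malformed lengths raise rather than being silently skipped.
    """
    if len(segment) < 20:
        raise ValueError("short TCP header")
    data_offset = (segment[12] >> 4) * 4
    if data_offset < 20 or data_offset > len(segment):
        raise ValueError("bad data offset")
    opts = segment[20:data_offset]
    kinds = set()
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == TCPOPT_EOL:
            break
        kinds.add(kind)
        if kind == TCPOPT_NOP:
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("truncated option")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("bad option length")
        i += length
    return kinds


def router_input_verdict(segment):
    """Model of the rule quoted in the post:

        DROP tcp -- anywhere anywhere tcp option=!2 flags:SYN/SYN

    flags:SYN/SYN means "mask SYN, compare SYN": only the SYN bit is
    examined. option=!2 means option kind 2 (MSS) must be absent. A
    segment matching both conditions is dropped; anything else passes.
    """
    syn_set = (tcp_flags(segment) & TCP_SYN) != 0
    if syn_set and TCPOPT_MSS not in tcp_options(segment):
        return "DROP"
    return "ACCEPT"


if __name__ == "__main__":
    # Constructed probes: a bare SYN (as -sS sent it) and a SYN with MSS 1460.
    bare_syn = build_segment(40000, 80, 1)
    syn_mss = build_segment(40000, 80, 1, mss=1460)
    print("bare SYN, no options :", router_input_verdict(bare_syn))
    print("SYN with MSS option  :", router_input_verdict(syn_mss))
```

Run stand-alone, the bare SYN is reported DROP and the SYN carrying MSS is reported ACCEPT, which is exactly the difference between the "filtered" result of -sS and the "open" result of -sT in the post: the router answers only the probe that carries option 2, and a scanner that omits it sees silence on every port, open or not.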