Nmap Development mailing list archives
Nmap 4.11: False positive ping results
From: Vitaly McLain <VMcLain () crowechizek com>
Date: Fri, 21 Jul 2006 15:55:27 -0500
Just wanted to let you know that we got some interesting false positives with Nmap during a ping sweep. We used the -sP option (and nothing else) to ping sweep a client's Class C. Here is what happened: 1. Nmap 4.03 and Nmap 4.11, under Windows XP SP1 and SP2, reported all 254 hosts as up. 2. Angry IP Scanner reports 2 hosts as being up, even after being made less angry (slowed down). 3. Nmap 4.10 under Linux (kernel 2.4.25) says 22 hosts are up. Number #3 (Nmap/Linux) is the only correct answer! So we scanned yet another Class C the client owns. Nmap/Windows found all 254 to be up, yet again. Angry found 8 (for comparison.) Nmap/Linux found 13 -- once again, this was the right answer. All boxes are in the DMZ of a PIX, on the same switch. I'd be happy to do any tests you'd like, though I am not sure if can we give you the IPs to test. Vitaly McLain Risk and Performance Services Crowe Chizek and Company LLC Direct : (630) 575-4346 Mobile: (224) 558-5979 UNDER U.S. TREASURY RULES ISSUED in 2005, we must inform you that any advice in this communication to you was not intended or written to be used, and cannot be used, to avoid any government penalties that may be imposed on a taxpayer. This message may contain privileged or confidential information. If you are not the intended recipient of this message, you may not make any use of, or rely in any way on, this information, and you should destroy this message and notify the sender by reply email. Any opinions or advice contained in this email are subject to the terms and conditions in any applicable client engagement letter or service agreement. _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
Current thread:
- Nmap 4.11: False positive ping results Vitaly McLain (Jul 21)
- Re: Nmap 4.11: False positive ping results Martin Mačok (Jul 22)
- <Possible follow-ups>
- RE: Nmap 4.11: False positive ping results Mike C (sec) (Jul 25)
- Re: Nmap 4.11: False positive ping results 'Martin Macok' (Jul 25)