Nmap Development mailing list archives

Re: Sorry more questions on nmap operations


From: "Michael Pattrick" <mpattrick () rhinovirus org>
Date: Sun, 11 Jan 2009 12:41:45 -0500

On Sun, Jan 11, 2009 at 12:20 PM, maillist <maillist () securityoveride com> wrote:
> In continuing to understand nmap for this video tutorial I'm making I
> came up with some more questions
>
> 1) when doing a scan of a specified port like 25 of my host
> securityoveride.com
> -snip-
> my question is what is the nmap [ACK] to port 80 for?

It is a ping technique useful for hosts that block ICMP packets. The
correct behavior for a host receiving an ACK packet without the first
two steps of the TCP handshake having occurred is to send an RST packet.
However, some firewalls just drop unexpected ACK packets.

You can read more about this at [0]

> 2) when doing an nmap -sV securityoveride.com -p25
> -snip-
> my question here is why does nmap send a request [SYN] then a [RST] then
> make another request [SYN] for the connection. Why doesn't nmap make the
> connection right away?

I would assume that is to avoid TCP resource exhaustion, nmap
generally tries to be nice and avoids doing things by default that
could crash or DoS a target computer.

[0] http://nmap.org/book/man-host-discovery.html#id335942

-- 
Michael Pattrick
http://www.rhinovirus.org/math

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
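The ACK ping discussed in the first answer, worked through as an added example (this is not code from nmap or from anyone in the thread). It builds the unsolicited TCP ACK segment that nmap's -PA probe sends (port 80 by default) with a valid checksum, simulates the two responders the answer describes, a host that follows RFC 793 and answers with an RST, and a stateful firewall that silently drops the segment, and classifies the result the way a host-discovery tool has to: an RST proves the host is up, while silence proves nothing. The addresses, ports, sequence numbers and the helper names are all constructed for the example.

```python
"""Unsolicited TCP ACK probe ("ACK ping") and reply classification.

Added example; not nmap code. Pure stdlib, no packets are sent: the host
and the firewall are simulated so the exchange can be run offline.
"""
import socket
import struct

TH_FIN, TH_SYN, TH_RST, TH_PSH, TH_ACK = 0x01, 0x02, 0x04, 0x08, 0x10
TCP_HDR = "!HHIIBBHHH"  # sport, dport, seq, ack, offset, flags, window, csum, urg


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _pseudo_header(src_ip: str, dst_ip: str, length: int) -> bytes:
    """IPv4 pseudo-header that the TCP checksum covers in addition to the segment."""
    return struct.pack("!4s4sBBH", socket.inet_aton(src_ip), socket.inet_aton(dst_ip),
                       0, socket.IPPROTO_TCP, length)


def build_tcp_segment(src_ip, dst_ip, sport, dport, seq, ack, flags, window=1024) -> bytes:
    """20-byte TCP header (no options) with the checksum filled in."""
    header = struct.pack(TCP_HDR, sport, dport, seq, ack, 5 << 4, flags, window, 0, 0)
    csum = checksum(_pseudo_header(src_ip, dst_ip, len(header)) + header)
    return header[:16] + struct.pack("!H", csum) + header[18:]


def verify_checksum(src_ip, dst_ip, segment: bytes) -> bool:
    """A segment with a correct checksum sums to zero together with its pseudo-header."""
    return checksum(_pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0


def parse_tcp_segment(segment: bytes) -> dict:
    sport, dport, seq, ack, _off, flags, window, csum, _urg = struct.unpack(TCP_HDR, segment[:20])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": flags, "window": window, "checksum": csum}


def build_ack_probe(src_ip, dst_ip, sport, dport=80) -> bytes:
    """The probe: ACK flag only, no prior SYN, arbitrary (here fixed) seq/ack numbers."""
    return build_tcp_segment(src_ip, dst_ip, sport, dport,
                             seq=0x12345678, ack=0x1A2B3C4D, flags=TH_ACK)


def rfc793_host_reply(host_ip, scanner_ip, probe: bytes) -> bytes:
    """Simulated host with no matching connection: RST whose seq is the probe's ack (RFC 793)."""
    p = parse_tcp_segment(probe)
    return build_tcp_segment(host_ip, scanner_ip, p["dport"], p["sport"],
                             seq=p["ack"], ack=0, flags=TH_RST, window=0)


def stateful_firewall_reply(probe: bytes):
    """Simulated stateful firewall: an ACK that belongs to no tracked flow is dropped."""
    return None


def classify_ack_ping_reply(probe: bytes, reply) -> str:
    """'up' only on an RST that comes back from the probed port to our source port.
    No reply means 'unknown': a dropped probe looks identical to a dead host."""
    if reply is None:
        return "unknown"
    p, r = parse_tcp_segment(probe), parse_tcp_segment(reply)
    if r["sport"] != p["dport"] or r["dport"] != p["sport"]:
        return "unknown"  # not a response to our probe
    return "up" if r["flags"] & TH_RST else "unknown"


if __name__ == "__main__":
    # Constructed addresses from the documentation ranges; nothing is sent.
    scanner, target = "192.0.2.10", "198.51.100.20"
    probe = build_ack_probe(scanner, target, sport=40000)
    print("RFC 793 host:", classify_ack_ping_reply(probe, rfc793_host_reply(target, scanner, probe)))
    print("stateful firewall:", classify_ack_ping_reply(probe, stateful_firewall_reply(probe)))
```

The "unknown" result is the practical caveat from the answer: against a firewall that drops unexpected ACKs, nmap cannot tell a filtered host from a dead one, which is why it combines several probe types (ICMP, SYN, ACK) for host discovery rather than relying on any one of them.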
