Nmap Development mailing list archives

Re: IPv6 host discovery, SYN, incorrectly reporting targets down


From: Daniel Roethlisberger <daniel () roe ch>
Date: Tue, 6 Oct 2009 20:59:31 +0200

Paul Jenkins <pjenkins () dsci com> 2009-10-06:
> Hosts that only respond with RST/ACK flags are reported as down, only
> hosts that report back with SYN/ACK are reported as up.
>
> Command used
>
> Nmap -6 -sP -PS22,23,80,443,37227 -iL _____
>
> Using IPv4 addresses in the same environment yields the correct number
> of hosts "up".

IPv6 TCP ping scans are in fact connect() scans, while for IPv4,
a raw TCP SYN scan is used.  If your network stack doesn't return
ECONNREFUSED on receiving RST/ACK, then Nmap doesn't know the
difference between a refused connection and one which failed due
to no responses received.

-- 
Daniel Roethlisberger
http://daniel.roe.ch/
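
The distinction described in the reply above, as an added example that is not part of the original message and is not Nmap's code: a connect()-based probe can only count a closed port as proof of life if the stack surfaces the RST as ECONNREFUSED. The function names and the constructed result lists are assumptions made for illustration.

```python
import errno
import socket

def classify_connect_result(err):
    """Map the errno from one connect() attempt to what it proves about the host."""
    if err == 0:
        return "up"            # SYN/ACK: handshake completed, port open
    if err == errno.ECONNREFUSED:
        return "up"            # RST/ACK: port closed, but a live host answered
    # Timeouts, unreachable errors and anything else carry no proof of life.
    return "no-response"

def connect_ping(host, port, timeout=2.0):
    """Probe one port with an ordinary connect(); works for IPv4 and IPv6."""
    family, socktype, proto, _, addr = socket.getaddrinfo(
        host, port, socket.AF_UNSPEC, socket.SOCK_STREAM)[0]
    with socket.socket(family, socktype, proto) as s:
        s.settimeout(timeout)
        try:
            s.connect(addr)
            err = 0
        except socket.timeout:
            err = errno.ETIMEDOUT
        except OSError as e:
            err = e.errno
    return classify_connect_result(err)

def host_state(errnos):
    """A host is up if any probed port yielded proof of life."""
    return "up" if any(classify_connect_result(e) == "up" for e in errnos) else "down"

if __name__ == "__main__":
    # Constructed results for five probed ports on one host.
    all_refused = [errno.ECONNREFUSED] * 5   # stack surfaces the RST
    all_silent = [errno.ETIMEDOUT] * 5       # RST never surfaced, or no reply at all
    print(host_state(all_refused))
    print(host_state(all_silent))
```

If the stack reports a refused connection as a timeout or a generic failure, the first list turns into the second and a live host with only closed ports is counted as down.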
