Nmap Development mailing list archives

RE: IPv6 host discovery, SYN, incorrectly reporting targets down


From: "Paul Jenkins" <pjenkins () dsci com>
Date: Tue, 6 Oct 2009 15:02:18 -0400

So if I gather this correctly, Windows doesn't send Nmap the
ECONNREFUSED, and just drops the request, so Nmap never has the
opportunity to register the host as UP. I'm blaming Windows since the
same scan on the same network from a Linux box, which received the
ACK/RST, correctly reported the host as UP, which would mean the stack
on a Linux box sends the ECONNREFUSED to Nmap.

Thank you,
Paul



-----Original Message-----
From: nmap-dev-bounces () insecure org
[mailto:nmap-dev-bounces () insecure org] On Behalf Of Daniel
Roethlisberger
Sent: Tuesday, October 06, 2009 3:00 PM
To: nmap-dev () insecure org
Subject: Re: IPv6 host discovery, SYN, incorrectly reporting targets
down

Paul Jenkins <pjenkins () dsci com> 2009-10-06:
> Hosts that only respond with RST/ACK flags are reported as down, only
> hosts that report back with SYN/ACK are reported as up.
>
> Command used
>
> Nmap -6 -sP -PS22,23,80,443,37227 -iL _____
>
> Using ipv4 addresses in the same environment yields the correct number
> of hosts "up".

IPv6 TCP ping scans are in fact connect() scans, while for IPv4,
a raw TCP SYN scan is used.  If your network stack doesn't return
ECONNREFUSED on receiving RST/ACK, then Nmap doesn't know the
difference between a refused connection and one which failed due
to no responses received.

-- 
Daniel Roethlisberger
http://daniel.roe.ch/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
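
The distinction discussed in this thread, as an added example that is not part of the original messages and is not Nmap's own code: a connect()-based probe can only count a host as up if the operating system reports the RST back as ECONNREFUSED; a probe that merely times out looks the same as no response at all. The function names, the state labels and the two-second timeout are assumptions made for this sketch.

```python
import errno
import socket

# Added illustration, not Nmap source: map the result of one connect() call
# to a host state, the way a connect()-based ping probe has to.

def classify(err, timed_out=False):
    """Return (host_state, reason) for a connect() outcome."""
    if timed_out or err == errno.ETIMEDOUT:
        # Nothing came back, or the stack swallowed the RST:
        # the two cases cannot be told apart from user space.
        return ("unknown", "no-response")
    if err == 0:
        return ("up", "syn-ack")        # handshake completed, port open
    if err == errno.ECONNREFUSED:
        return ("up", "conn-refused")   # RST/ACK received, port closed, host alive
    if err in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return ("down", "unreachable")
    return ("unknown", errno.errorcode.get(err, str(err)))

def connect_probe(host, port, timeout=2.0):
    """One unprivileged TCP probe; accepts IPv4 or IPv6 address literals."""
    family, socktype, proto, _, sockaddr = socket.getaddrinfo(
        host, port, type=socket.SOCK_STREAM, flags=socket.AI_NUMERICHOST)[0]
    try:
        with socket.socket(family, socktype, proto) as s:
            s.settimeout(timeout)
            s.connect(sockaddr)
            return classify(0)
    except socket.timeout:              # must precede OSError (it is a subclass)
        return classify(0, timed_out=True)
    except OSError as e:
        return classify(e.errno)

def host_state(host, ports, timeout=2.0):
    """Host is 'up' if any probe produced evidence of life, else 'down'."""
    results = [connect_probe(host, p, timeout) for p in ports]
    return "up" if any(state == "up" for state, _ in results) else "down"
```

Calling `host_state("::1", [22, 80])` on a machine with IPv6 loopback returns "up" when the stack surfaces the refusal, and "down" when every probe only times out, which is the symptom reported above.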
