Nmap Development mailing list archives

Re: IPv6 host discovery, SYN, incorrectly reporting targets down


From: Daniel Roethlisberger <daniel () roe ch>
Date: Tue, 6 Oct 2009 21:25:58 +0200

Paul Jenkins <pjenkins () dsci com> 2009-10-06:
So if I gather this correctly, Windows doesn't send NMAP the
ECONNREFUSED, and just drops the request, so NMAP never has the
opportunity to register the host as UP.

Either that, or Nmap is for some reason incapable of properly
detecting connection refused conditions on Windows.  Winsock
differs from other Berkeley socket implementations in a few
areas; one of them is error reporting with non-blocking sockets.
It's possible that Nmap could detect this with some Windows
magic.  I haven't got a Windows box around to verify that.

I'm blaming Windows since the
same scan on the same network from a Linux box which received the
ACK/RST, correctly reported the host as UP, which would mean the stack
on a Linux box sends the ECONNREFUSED to NMAP.

Thank you,
Paul



-----Original Message-----
From: nmap-dev-bounces () insecure org
[mailto:nmap-dev-bounces () insecure org] On Behalf Of Daniel
Roethlisberger
Sent: Tuesday, October 06, 2009 3:00 PM
To: nmap-dev () insecure org
Subject: Re: IPv6 host discovery, SYN, incorrectly reporting targets
down

Paul Jenkins <pjenkins () dsci com> 2009-10-06:
Hosts that only respond with RST/ACK flags are reported as down, only
hosts that report back with SYN/ACK are reported as up.

Command used 

Nmap -6 -sP -PS22,23,80,443,37227 -iL _____

Using ipv4 addresses in the same environment yields the correct number
of hosts "up".

IPv6 TCP ping scans are in fact connect() scans, while for IPv4,
a raw TCP SYN scan is used.  If your network stack doesn't return
ECONNREFUSED on receiving RST/ACK, then Nmap doesn't know the
difference between a refused connection and one which failed due
to no responses received.

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

-- 
Daniel Roethlisberger
http://daniel.roe.ch/
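
The distinction discussed in this thread, as an added example that is not Nmap's code and not part of the original messages: a connect()-based probe that counts ECONNREFUSED as proof the target is up, and that also waits on select()'s exception set, which is where Winsock reports a failed non-blocking connect. The names classify and connect_probe and the loopback sample are assumptions made for the illustration.

```python
import errno
import select
import socket

def classify(err):
    """Map a connect() errno to a discovery verdict (state, reason)."""
    if err == 0:
        return ("up", "connected")           # SYN/ACK: handshake completed
    if err == errno.ECONNREFUSED:
        return ("up", "refused")             # RST/ACK: a live stack answered
    if err == errno.ETIMEDOUT:
        return ("unknown", "no response")    # nothing came back in time
    return ("unknown", errno.errorcode.get(err, str(err)))

def connect_probe(host, port, timeout=2.0):
    """Non-blocking TCP connect() probe; works for IPv4 and IPv6 targets."""
    family, stype, proto, _, addr = socket.getaddrinfo(
        host, port, type=socket.SOCK_STREAM)[0]
    sock = socket.socket(family, stype, proto)
    try:
        sock.setblocking(False)
        err = sock.connect_ex(addr)
        # BSD stacks return EINPROGRESS here, Winsock returns WSAEWOULDBLOCK.
        if err in (errno.EINPROGRESS, errno.EWOULDBLOCK):
            # Winsock signals a failed non-blocking connect through the
            # exception set, BSD stacks through writability, so wait on both.
            _, writable, failed = select.select([], [sock], [sock], timeout)
            if not (writable or failed):
                return classify(errno.ETIMEDOUT)
            # SO_ERROR holds the real outcome on either platform.
            err = sock.getsockopt(socket.SOL_SOCKET, socket.SO_ERROR)
        return classify(err)
    finally:
        sock.close()

if __name__ == "__main__":
    # Constructed input: a loopback port that was bound and then released,
    # so nothing listens on it and the local stack answers with RST.
    tmp = socket.socket()
    tmp.bind(("127.0.0.1", 0))
    port = tmp.getsockname()[1]
    tmp.close()
    print(connect_probe("127.0.0.1", port))
```

If the refused case comes back as "unknown" on a given platform, the stack or the socket layer is not surfacing ECONNREFUSED to the application, which is the condition described above.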

