Nmap Development mailing list archives

Scan stuck on single destination port


From: Mark Lewis <marklewis1979 () gmail com>
Date: Sun, 21 Aug 2011 17:17:47 -0400

Hello,

I've got a situation where Nmap is repeatedly sending a SYN packet to the
same destination host with the same destination port.  The command I ran is:

nmap -v -n -ddd -PN -sS -p- --min-hostgroup 16 --max-retries 1 --min-rtt-timeout 50ms --max-rtt-timeout 300ms --initial-rtt-timeout 250ms --max-scan-delay 10ms xx.xx.xx.xx/28

tcpdump shows the following interaction, which has been going on for hours now
and never progresses beyond port 257 of the 10.10.10.70 target host:

17:00:38.814303 IP 192.168.1.4.59840 > 10.10.10.70.257: Flags [S], seq 1349548480, win 3072, options [mss 1460], length 0
17:00:38.824305 IP 10.10.10.70 > 192.168.1.4: ICMP host 10.10.10.70 unreachable, length 36

Does anyone know why it would hang on this port rather than giving up on it
(--max-retries 1)?  The target sits behind a firewall in a DMZ, but so do
the rest of the hosts and none of them are having similar issues.  Do I have
any options to get around this besides specifying a host timeout?  I really
have no idea how long the scans will take, and I've already burned myself
with setting the timeout too low (8 hours was apparently not enough).  I'd
also prefer to avoid the situation where one of these guys shows up in every
scan and I have to wait 20 hours per /28 block!

Thanks,

-Mark
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

