Nmap Development mailing list archives

bug or host evasive action?


From: Britton Kerin <britton.kerin () gmail com>
Date: Thu, 19 Apr 2012 20:22:33 -0800

Hi guys,

I guess any weirdness you see as a result of scans could be hosts
taking evasive action or something, but this strikes me as weird.

When I skip host detection, the http server on one of the Linksys
wireless routers gets found, but not if I don't:

     $ nmap -Pn 192.168.1.1

     Starting Nmap 5.51 ( http://nmap.org ) at 2012-04-19 20:19 AKDT
     Nmap scan report for 192.168.1.1
     Host is up (0.0061s latency).
     Not shown: 999 closed ports
     PORT   STATE SERVICE
     80/tcp open  http

     Nmap done: 1 IP address (1 host up) scanned in 7.68 seconds

     $ nmap 192.168.1.1

     Starting Nmap 5.51 ( http://nmap.org ) at 2012-04-19 20:19 AKDT
     Nmap scan report for 192.168.1.1
     Host is up (0.012s latency).
     All 1000 scanned ports on 192.168.1.1 are closed

     Nmap done: 1 IP address (1 host up) scanned in 7.57 seconds

Scanning the entire network also finds the http port:

     $ nmap 192.168.1.0/24

     Starting Nmap 5.51 ( http://nmap.org ) at 2012-04-19 20:02 AKDT
     Nmap scan report for 192.168.1.1
     Host is up (0.0044s latency).
     Not shown: 999 closed ports
     PORT   STATE SERVICE
     80/tcp open  http

     Nmap scan report for 192.168.1.25
     Host is up (0.029s latency).
     Not shown: 995 closed ports

     [snip other hosts]

Is the router maybe hiding because it just got discovered or something,
or could this be some sort of nmap bug?

Thanks,
Britton Kerin
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

