Nmap Development mailing list archives

Re: CALL FOR TESTING: new port scanning subsystem (allows scanning behind proxies, including Tor!)


From: David Fifield <david () bamsoftware com>
Date: Sat, 4 Jul 2015 14:57:52 -0700

On Sat, Jul 04, 2015 at 11:16:34PM +0200, Jacek Wielemborek wrote:
> On 04.07.2015 at 23:12, David Fifield wrote:
> > It worked for me. Without a proxy, it took 3.95 seconds to find 3 open
> > ports, 6 filtered, and 991 closed. With a Tor proxy, it took 155 seconds
> > to find 3 open ports and 997 closed|filtered ports.
>
> Thanks for testing, David! The results are a bit worrying though. Does
> your ISP filter port 3006? Are you getting back consistent -sT results
> with no proxy?

I ran a few times without a proxy and got inconsistent filtered results.

I ran again with a proxy and this time it took longer, 811 seconds.

Ordinary SYN scan finds only ports 139 and 445 filtered. (After a
curiously long time, 274 seconds.)


$ sudo ./nmap -sT scanme.nmap.org

Starting Nmap 6.49SVN ( https://nmap.org ) at 2015-07-04 14:27 PDT
Nmap scan report for scanme.nmap.org (45.33.32.156)
Host is up (0.098s latency).
Other addresses for scanme.nmap.org (not scanned): 2600:3c01::f03c:91ff:fe18:bb2f
rDNS record for 45.33.32.156: li982-156.members.linode.com
Not shown: 976 closed ports
PORT      STATE    SERVICE
22/tcp    open     ssh
26/tcp    filtered rsftp
79/tcp    filtered finger
80/tcp    open     http
139/tcp   filtered netbios-ssn
445/tcp   filtered microsoft-ds
722/tcp   filtered unknown
800/tcp   filtered mdbs_daemon
898/tcp   filtered sun-manageconsole
1026/tcp  filtered LSA-or-nterm
1839/tcp  filtered netopia-vo1
2043/tcp  filtered isis-bcast
2910/tcp  filtered tdaccess
3476/tcp  filtered nppmp
5054/tcp  filtered rlm-admin
5811/tcp  filtered unknown
5963/tcp  filtered indy
6692/tcp  filtered unknown
6839/tcp  filtered unknown
7999/tcp  filtered irdmi2
8100/tcp  filtered xprint-server
9009/tcp  filtered pichat
9929/tcp  open     nping-echo
20000/tcp filtered dnp

Nmap done: 1 IP address (1 host up) scanned in 5.86 seconds


$ sudo ./nmap -sT scanme.nmap.org

Starting Nmap 6.49SVN ( https://nmap.org ) at 2015-07-04 14:27 PDT
Nmap scan report for scanme.nmap.org (45.33.32.156)
Host is up (0.098s latency).
Other addresses for scanme.nmap.org (not scanned): 2600:3c01::f03c:91ff:fe18:bb2f
rDNS record for 45.33.32.156: li982-156.members.linode.com
Not shown: 974 closed ports
PORT      STATE    SERVICE
22/tcp    open     ssh
80/tcp    open     http
139/tcp   filtered netbios-ssn
445/tcp   filtered microsoft-ds
543/tcp   filtered klogin
783/tcp   filtered spamassassin
808/tcp   filtered ccproxy-http
843/tcp   filtered unknown
1048/tcp  filtered neod2
1088/tcp  filtered cplscrambler-al
1113/tcp  filtered ltp-deepspace
1443/tcp  filtered ies-lm
2525/tcp  filtered ms-v-worlds
3828/tcp  filtered neteh
3945/tcp  filtered emcads
5907/tcp  filtered unknown
8022/tcp  filtered oa-system
8083/tcp  filtered us-srv
8291/tcp  filtered unknown
9099/tcp  filtered unknown
9535/tcp  filtered man
9929/tcp  open     nping-echo
9968/tcp  filtered unknown
10024/tcp filtered unknown
15742/tcp filtered unknown
32769/tcp filtered filenet-rpc

Nmap done: 1 IP address (1 host up) scanned in 4.59 seconds


$ ./nmap -sT --proxy socks4://127.0.0.1:9050 scanme.nmap.org

Starting Nmap 6.49SVN ( https://nmap.org ) at 2015-07-04 14:28 PDT
Nmap scan report for scanme.nmap.org (45.33.32.156)
Host is up (0.79s latency).
Other addresses for scanme.nmap.org (not scanned): 2600:3c01::f03c:91ff:fe18:bb2f
rDNS record for 45.33.32.156: li982-156.members.linode.com
Not shown: 997 closed|filtered ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
9929/tcp open  nping-echo

Nmap done: 1 IP address (1 host up) scanned in 811.03 seconds


$ sudo ./nmap scanme.nmap.org

Starting Nmap 6.49SVN ( https://nmap.org ) at 2015-07-04 14:42 PDT
Nmap scan report for scanme.nmap.org (45.33.32.156)
Host is up (0.025s latency).
Other addresses for scanme.nmap.org (not scanned): 2600:3c01::f03c:91ff:fe18:bb2f
rDNS record for 45.33.32.156: li982-156.members.linode.com
Not shown: 995 closed ports
PORT     STATE    SERVICE
22/tcp   open     ssh
80/tcp   open     http
139/tcp  filtered netbios-ssn
445/tcp  filtered microsoft-ds
9929/tcp open     nping-echo

Nmap done: 1 IP address (1 host up) scanned in 274.00 seconds
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
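The thread turns on whether repeated -sT runs give consistent results: the two no-proxy runs above agree on the open ports but disagree on which ports show as filtered. The following script is an added example, not part of this message or of Nmap itself: it parses the PORT/STATE/SERVICE table from Nmap's normal output and reports every port whose state differs between two runs, treating ports absent from the table as being in the "Not shown" state. The two sample outputs are constructed by abridging the scans quoted above.

```python
"""Compare port states across repeated Nmap normal-output scans.

Added example (not Nmap's own code). It parses the table Nmap prints in
normal output and reports ports whose state flapped between two runs, so
that unstable 'filtered' results stand out from the stable open ports.
"""
import re
from typing import Dict, List, Tuple

# Constructed samples: abridged from the two -sT runs quoted in the thread.
RUN_A = """\
Not shown: 976 closed ports
PORT      STATE    SERVICE
22/tcp    open     ssh
26/tcp    filtered rsftp
80/tcp    open     http
139/tcp   filtered netbios-ssn
445/tcp   filtered microsoft-ds
9929/tcp  open     nping-echo
"""

RUN_B = """\
Not shown: 974 closed ports
PORT      STATE    SERVICE
22/tcp    open     ssh
80/tcp    open     http
139/tcp   filtered netbios-ssn
445/tcp   filtered microsoft-ds
543/tcp   filtered klogin
9929/tcp  open     nping-echo
"""

# One table row: "22/tcp    open     ssh"
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
# The summary line naming the state of every port omitted from the table,
# e.g. "closed" for a plain -sT run or "closed|filtered" for the proxy run.
NOT_SHOWN = re.compile(r"^Not shown: \d+ (\S+) ports")

PortKey = Tuple[int, str]


def parse_scan(text: str) -> Tuple[Dict[PortKey, str], str]:
    """Return ({(port, proto): state}, default_state_for_omitted_ports)."""
    states: Dict[PortKey, str] = {}
    default = "unknown"
    for line in text.splitlines():
        m = NOT_SHOWN.match(line)
        if m:
            default = m.group(1)
            continue
        m = PORT_LINE.match(line)
        if m:
            states[(int(m.group(1)), m.group(2))] = m.group(3)
    return states, default


def diff_scans(a: str, b: str) -> List[Tuple[str, str, str]]:
    """List (port, state_in_a, state_in_b) for every port whose state changed."""
    states_a, default_a = parse_scan(a)
    states_b, default_b = parse_scan(b)
    diffs = []
    for key in sorted(set(states_a) | set(states_b)):
        st_a = states_a.get(key, default_a)
        st_b = states_b.get(key, default_b)
        if st_a != st_b:
            diffs.append((f"{key[0]}/{key[1]}", st_a, st_b))
    return diffs


def stable_ports(a: str, b: str, state: str = "open") -> List[str]:
    """Ports reported in the given state by both runs (the trustworthy part)."""
    states_a, _ = parse_scan(a)
    states_b, _ = parse_scan(b)
    return [f"{p}/{proto}" for (p, proto) in sorted(states_a)
            if states_a[(p, proto)] == state and states_b.get((p, proto)) == state]


if __name__ == "__main__":
    print("stable open:", stable_ports(RUN_A, RUN_B))
    for port, st_a, st_b in diff_scans(RUN_A, RUN_B):
        print(f"{port}: {st_a} -> {st_b}")
```

Run against the two abridged samples it reports 22, 80 and 9929 as stably open and flags 26/tcp (filtered, then closed) and 543/tcp (closed, then filtered) as the ports that changed, which is the pattern that makes the filtered results in the thread look like transient loss rather than deliberate filtering.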