Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: When tethering through my (UK) mobile provider, nmap reports closed ports as open

From: David Fifield <david () bamsoftware com>
Date: Tue, 12 Feb 2019 11:22:52 -0700
On Tue, Feb 12, 2019 at 06:12:19PM +0000, Jaime T wrote:

Apologies if this is not the correct list for this, but after an hour
of digging, I couldn't find anywhere more suitable.

As per the title, when I tether through my mobile phone (O2 sim, based
in the UK), nmap tells me that closed ports are open.

Is this a "known" problem, or is it something more specific to my
mobile phone network provider? In case it makes a difference, I'm
running nmap on debian stretch.


I have heard that some network equipment will speculatively inject a
false SYN/ACK for every SYN, in order to decrease perceived latency, or
something. You may be able to get some more information using the
--reason option, which will show the TTL of received packets. If the
SYN/ACK is being injected, it will probably have a TTL that is
inconsistent with non-injected packets, for example the echo-reply.

# nmap --reason -p81 scanme.nmap.org
Host is up, received echo-reply ttl 50 (0.091s latency).
PORT   STATE  SERVICE   REASON
81/tcp closed hosts2-ns reset ttl 50
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: