Penetration Testing mailing list archives

Re: Weird Nmap Behavior

From: rajat swarup <rajats () gmail com>
Date: Tue, 6 Oct 2009 12:53:30 -0400

On Mon, Oct 5, 2009 at 1:38 PM, arvind doraiswamy
<arvind.doraiswamy () gmail com> wrote:

--- If every port is filtered and ping is blocked(Internet) how does
Nmap decide that a host is up?
--- How would you explain behavior like the above where I know for a
fact an IP hasn't been assigned to a server/device/anything?

Lastly if I want to test known "down" IP's are there any such IP's?
Not misspelt domain names as of now - just test "down" IP addresses.

Finally if this behavior for Nmap is how it is and can't be
changed(due to whatever stack dependencies etc , just shooting in the
air here) isn't this giving in accurate results? What is a workaround?


Did you run nmap with the --reason flag?  If it's possible post the
output of the --reason scan or mostly it'd be self-explanatory.

HTH,
-- 
Rajat Swarup

http://rajatswarup.blogspot.com/

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------

Current thread:

Weird Nmap Behavior arvind doraiswamy (Oct 05)
- Re: Weird Nmap Behavior Wim Remes (Oct 06)
- Re: Weird Nmap Behavior Robert Portvliet (Oct 06)
- RE: Weird Nmap Behavior Gorgon Beast (Oct 06)
  - Re: Weird Nmap Behavior Jon Kibler (Oct 06)
  - RE: Weird Nmap Behavior mhellman (Oct 06)
- Re: Weird Nmap Behavior Jon Kibler (Oct 06)
- Re: Weird Nmap Behavior yaroslav (Oct 06)
- Re: Weird Nmap Behavior τ∂υƒιφ * (Oct 06)
- Re: Weird Nmap Behavior Tim (Oct 06)
- Re: Weird Nmap Behavior rajat swarup (Oct 06)