Penetration Testing mailing list archives
Re: Weird Nmap Behavior
From: Jon Kibler <Jon.Kibler () aset com>
Date: Tue, 06 Oct 2009 16:02:29 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gorgon Beast wrote:
I have noticed this as well, and it happens specifically when I try to scan over my Cisco devices. Locally, it works fine if there are no devices in the middle. The command I am using is 'nmap -sP xxx.xxx.xxx.0/24'. I only have 23 devices on that subnet powered on, yet NMAP shows them all "up". I've noticed this behavior in the last 2 versions, for sure. For example, there are no devices on any of the following IP's, and the scanning machine is behind an ASA: ........ Truncated........... Host xxx.xxx.xxx.241 is up (0.0089s latency). Host xxx.xxx.xxx.242 is up (0.011s latency). Host xxx.xxx.xxx.243 is up (0.00070s latency). Host xxx.xxx.xxx.244 is up (0.0090s latency). Host xxx.xxx.xxx.245 is up (0.011s latency). Host xxx.xxx.xxx.246 is up (0.00078s latency). Host xxx.xxx.xxx.247 is up (0.0086s latency). Host xxx.xxx.xxx.248 is up (0.011s latency). Host xxx.xxx.xxx.249 is up (0.00072s latency). Host xxx.xxx.xxx.250 is up (0.0087s latency). Host xxx.xxx.xxx.251 is up (0.0086s latency). Host xxx.xxx.xxx.252 is up (0.0013s latency). Host xxx.xxx.xxx.253 is up (0.00094s latency). Host xxx.xxx.xxx.254 is up (0.0072s latency). Host xxx.xxx.xxx.255 is up (0.0094s latency). Nmap done: 256 IP addresses (256 hosts up) scanned in 5.58 seconds
This is because the ASA proxies all outbound connections. That is why I asked in the original post regarding the firewall layout relative to the network. Jon Kibler - -- Jon R. Kibler Chief Technical Officer Advanced Systems Engineering Technology, Inc. Charleston, SC USA o: 843-849-8214 c: 843-813-2924 s: 843-564-4224 http://www.linkedin.com/in/jonrkibler My PGP Fingerprint is: BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkrLolUACgkQUVxQRc85QlOf5gCgj0lTXAXjP9HNytRkFmWycS+R WngAn1Fk6+HQLdWXPkOhmPOkGWOrWUYP =o8Gj -----END PGP SIGNATURE----- ================================================== Filtered by: TRUSTEM.COM's Email Filtering Service http://www.trustem.com/ No Spam. No Viruses. Just Good Clean Email.
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Weird Nmap Behavior arvind doraiswamy (Oct 05)
- Re: Weird Nmap Behavior Wim Remes (Oct 06)
- Re: Weird Nmap Behavior Robert Portvliet (Oct 06)
- RE: Weird Nmap Behavior Gorgon Beast (Oct 06)
- Re: Weird Nmap Behavior Jon Kibler (Oct 06)
- RE: Weird Nmap Behavior mhellman (Oct 06)
- Re: Weird Nmap Behavior Jon Kibler (Oct 06)
- Re: Weird Nmap Behavior yaroslav (Oct 06)
- Re: Weird Nmap Behavior τ∂υƒιφ * (Oct 06)
- Re: Weird Nmap Behavior Tim (Oct 06)
- Re: Weird Nmap Behavior rajat swarup (Oct 06)