Security Basics mailing list archives

Re: Very strange nmap scan results

From: infos3c () gmail com
Date: 21 Sep 2007 04:22:56 -0000

Hi Juan,

Here you have used TCP connect scan [nmap -sT].Are you getting same list of open ports for Syn scan [nmap -sS] also? 

if you are getting the same ports for Syn scan then put a sniffer to see whether you are receiving SynAck from the IP 
you are scanning. If there are no replies coming the problem is local o your machine from where you are doing scanning. 
However if there are replies (SynAck) coming, then you know some one is responding to your scanning.

At the end of this if you conclude that the host being scanned (PIX) is really replying for all these connection 
attempts then you can try "Firewalking" on random ports to pass through the firewall..... 

Hope this helps

Current thread:

Very strange nmap scan results Juan B (Sep 20)
- Re: Very strange nmap scan results Steven Hollingsworth (Sep 21)
- <Possible follow-ups>
- Re: Very strange nmap scan results infos3c (Sep 21)
  - Re: Very strange nmap scan results Brian Laing (Sep 21)
    - Re: Very strange nmap scan results Juan B (Sep 21)
    - Re: Very strange nmap scan results Brian Laing (Sep 21)