Security Basics mailing list archives

Re: Host responses only in case of range scan


From: nshadov.eq () gmail com
Date: Tue, 13 Sep 2011 00:33:04 +0200

Hi,
it's probably because nmap received the TCP answer (SYN+ACK / RST) after some 
period of time, longer than it was waiting for (in what it sees as a reliable 
network and a properly responding host).

* 10.10.10.1

For the one-host scan, the answer arrived shortly after nmap finished its scan, 
so it's not included in the summary.

* 10.10.10.0/27

On the other hand, the subnet scan takes longer (more hosts to check, aggregated 
SYN requests), so the answer is received before nmap has finished and it appears 
in the results.

Try changing "--max-rtt-timeout <time>" (Nmap Reference Guide: 
http://nmap.org/book/man-performance.html).

RTT values are usually determined by nmap during the "ping phase", although
you specified no ping at all (-PN option), so hard-coded values were used.

If turning off ping is not essential for your scan, you could also try not to 
disable it and verify results.

--
nshadov

Hello,
if I execute the following command:

nmap -PN -p443 -T4 -sS --reason 10.10.10.0/27 | grep -A3 10.10.10.1

..I get the following results:

[root@ ~]# nmap -PN -p443 -T4 -sS --reason 10.10.10.0/27 | grep -A3 10.10.10.1
Nmap scan report for 10.10.10.1
Host is up, received user-set (0.019s latency).
PORT    STATE SERVICE REASON
443/tcp open  https   syn-ack
[root@ ~]#

Now if I scan only this particular host:

nmap -PN -sS -p443 -T4 --reason 10.10.10.1

..the TCP port 443 seems to be filtered:

[root@ ~]# nmap -PN -sS -p443 -T4 --reason 10.10.10.1

Starting Nmap 5.51 ( http://nmap.org ) at 2011-09-11 02:53 EEST
Nmap scan report for 10.10.10.1
Host is up, received user-set.
PORT    STATE    SERVICE REASON
443/tcp filtered https   no-response

Nmap done: 1 IP address (1 host up) scanned in 1.09 seconds
[root@ ~]#

How to explain this?


regards,
martin

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL
certificate.  We look at how SSL works, how it benefits your company and
how your customers can tell if a site is secure. You will find out how to
test, purchase, install and use a thawte Digital Certificate on your
Apache web server. Throughout, best practices for set-up are highlighted
to help you ensure efficient ongoing management of your encryption keys
and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------
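
An added example, not part of the original messages: a small Python check that parses the two nmap outputs quoted in this thread and flags ports that answered in one scan but show "no-response" in the other, which are the candidates for a rescan with a larger --max-rtt-timeout. The function names are hypothetical, and the parser assumes nmap's normal output format run with --reason.

```python
import re

# Output copied from the two scans quoted in this thread.
RANGE_SCAN = """\
Nmap scan report for 10.10.10.1
Host is up, received user-set (0.019s latency).
PORT    STATE SERVICE REASON
443/tcp open  https   syn-ack
"""
SINGLE_SCAN = """\
Nmap scan report for 10.10.10.1
Host is up, received user-set.
PORT    STATE    SERVICE REASON
443/tcp filtered https   no-response
"""

# First token after "Nmap scan report for" (an IP, or a hostname if nmap printed one).
HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
# Port rows: PORT, STATE, SERVICE, REASON columns.
PORT_RE = re.compile(r"^(\d+/\w+)\s+(\S+)\s+(\S+)\s+(\S+)")


def parse_scan(text):
    """Map (host, port) -> (state, reason) from normal nmap output run with --reason."""
    results, host = {}, None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            host = m.group(1)
            continue
        m = PORT_RE.match(line)
        if m and host:
            results[(host, m.group(1))] = (m.group(2), m.group(4))
    return results


def timing_suspects(scan_a, scan_b):
    """Ports that answered in one scan but were 'no-response' in the other."""
    a, b = parse_scan(scan_a), parse_scan(scan_b)
    suspects = []
    for key in sorted(a.keys() & b.keys()):
        reasons = {a[key][1], b[key][1]}
        if "no-response" in reasons and len(reasons) > 1:
            suspects.append((key[0], key[1], a[key], b[key]))
    return suspects


if __name__ == "__main__":
    for host, port, first, second in timing_suspects(RANGE_SCAN, SINGLE_SCAN):
        print(f"{host} {port}: {first} vs {second} -> rescan with a larger --max-rtt-timeout")
```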
