Nmap Development mailing list archives

Re: Nmap not play nice w/ Cisco VPN


From: Andreas Ericsson <ae () op5 se>
Date: Thu, 28 Sep 2006 13:16:10 +0200

Wagner, Chris (GEAE, CBTS) wrote:
> It's Cisco VPN client 4.7.00.0533.  I think it's a purely client side
> problem since I can ping, ssh, etc to the host and nmap eventually works
> with the -e eth1 -P0 options.  So however Cisco is building the virtual
> interface on my PC, it's something that nmap can't understand properly.
> It should be directly sending the probes through eth0 AFAIK.

No, it shouldn't. Cisco VPN on Linux requires a kernel-module, since the 
server-side that you're connecting to can choose to disable network 
traffic from and to the connecting end on *all other* interfaces. This 
is a security measure to prevent lazy admins from setting up a VPN 
machine as a router to a network which isn't supposed to be routed. IOW, 
it's a Good Thing.


> I haven't
> tried any of the other options since this problem is below them.  It
> wants to determine the remote MAC address even though it's a remote
> network.  That seems to be the root of the problem.


I'm pretty sure ethernet level operations (such as determining MAC 
addresses) won't work over (most) VPN-tunnels without some major surgery.


> Brett Cunningham wrote:
> I'm not sure why you had problems over the VPN. I just tested it over
> my Cisco VPN and had no problems doing a simple "nmap 10.x.x.x". I
> also am using Nmap version 4.11. What kind of tunnel did you create?
> And I'm assuming this is on a concentrator, so do you have a model
> number for it? That shouldn't make much of a difference. If you're
> able to ping it, I'm assuming you have the correct box. Is there
> anything in between the end of the tunnel and the box you're trying to
> scan, such as an IPS, that might block nmap activity? Lastly, what
> options have you tried (i.e., syn scan, paranoid, etc.)?
>
> - sniper22



-- 
Andreas Ericsson                   andreas.ericsson () op5 se
OP5 AB                             www.op5.se
Tel: +46 8-230225                  Fax: +46 8-230231

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

