Re: Nmap does not notice ACK packets

[Kris Katterjohn <katterjohn () gmail com>]

Richard van den Berg wrote:
> I've not seen a SYN coming from the remote host in this situation.
> However, since the ACK triggers a RESET from my local system this might
> be the reason. It's not likely though since the ACK and SYN should have
> been sent at the same time and I should have seen it arrive. It's too
> bad I cannot reproduce the issue when testing manually with netcat and
> hping2.

I agree with you on the ACK and SYN timing stuff, but, again, I don't
think the ACK|SYN would be separate in the first place.

> I don't know what these remote hosts are running. I've seen the issue
> with different hosts on the same network. It could be an active device
> in front of the real servers acting this way..

Hmm.. do your results change when using options like --data-length (or
maybe -f)?  I'm not sure if that would help any, but it might narrow it
down some. I can hope, right? :)

Is it hosts *only* on this particular network?  Have you had these
results anywhere else?  Have you scanned from different networks?

Thanks,
Kris Katterjohn

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org