Re: inconsistent nmap results

["Hans Nilsson" <hasse_gg () ftml net>]

Well maybe there's some kind of IPS/firewall that detects portscans and
starts dropping packets? Try doing a much slower scan and see what
results you get. Or try something like
nmap -sS -P0 -r -p10443-65535 xx.xx.xx.yy -T4

On Sun, 14 Jan 2007 17:19:48 -0500, frenzie () pop powweb com said:
> I have had some abnormal results using nmap 4.10 to do a syn TCP scan on
> a particuylar external network range. When i ran the scan as a full port
> scan of 0-65535, all ports are found to be filtered. Yet we know that
> port 10443 is open, and when i do a scan on that port, it is found to be
> open.
>
> This has meant a number of open ports have been missed in scanning this
> range.
>
> Is there something obvious that i have omitted, other more usual ports
> were found open on other hosts.
>
> ----------------------------------------------------------------
> # Nmap 4.10 scan: nmap -sS -P0 -p0-65535 -T4 -oA outputfile
> xx.xx.xx.xx/24 
>
> All 65536 scanned ports on host (xx.xx.xx.yy) are filtered
> ----------------------------------------------------------------
>
> ----------------------------------------------------------------
> nmap -sS -P0 -p10443 xx.xx.xx.yy -T4
> Starting Nmap 4.10
>
> Interesting ports on host (xx.xx.xx.yy):
> PORT      STATE SERVICE
> 10443/tcp open  unknown
>
> Nmap finished: 1 IP address (1 host up) scanned in 4.560 seconds
> ----------------------------------------------------------------
>
> thanks for your time
> Shanna
>
>
>
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://SecLists.Org
-- 
  Hans Nilsson
  hasse_gg () ftml net

-- 
http://www.fastmail.fm - Access your email from home and the web


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org