Nmap Development mailing list archives

Re: help -- nmap not probing filtered ports


From: Utkarsh Shrivastava <utkarsh12 () gmail com>
Date: Tue, 12 Oct 2010 05:03:44 -0400

On Tue, Oct 12, 2010 at 4:48 AM, Rob Nicholls <robert () robnicholls co uk> wrote:
On Mon, 11 Oct 2010 21:42:19 -0400, Utkarsh Shrivastava
<utkarsh12 () gmail com> wrote:

I've used virtually all the nmap options but no luck. nmap -PN <IP>
always tells me that the host is up

Did you mean -Pn (although it seems that -PN also works)? This option tells
Nmap to assume the host is up, so it won't bother checking, and therefore
will always tell you (unless you're scanning on the local subnet) that "Host
is up." even if a host doesn't exist.

  Yes, I am using the -PN option and it seems to be doing what you mentioned. So,
I have removed it from my scan type and added -v -sV -T4 -O

I am sure IP x is up because I have received
an email within a minute from it. Any pointers?

It might be sending emails, but it might not be configured to receive emails
(or if it does, perhaps it receives emails from another IP that's assigned
to the same host). It only needs to have an open port if it receives emails.

Another possibility is that firewall rules are only allowing the IPs of
authorised hosts to send emails, which the host will relay to anywhere,
which is why the SMTP port looks filtered to you, but you're still able to
receive emails from it.

  True, this might be a possibility and I was wondering if there's a
workaround for this. Also, I looked at Fyodor's defcon '10 hack

" -v -sV -T4 -O --osscan-guess -oA -ms-smbscan
--script=smb-enum-domains,smb-enum-processes,smb-enum-sessions,smb-enum-shares,smb-enum-users,smb-os-discovery,smb-security-mode,smb-system-info"

and it seems to be working for some IPs. Say for example I took 100
IPs, out of which this script worked for 90% of the cases. Is it
possible to beat the firewall (if that's the case)?

Utkarsh

Rob


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
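
Added example, not part of the original thread: a Python sketch that reads Nmap XML output (-oX, or the .xml file written by -oA) and separates hosts reported "up" only because -PN/-Pn told Nmap to assume so from hosts where a probe was actually answered. The XML is a constructed sample and the helper name classify_hosts is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like Nmap -oX output; addresses are documentation ranges.
SAMPLE_XML = """<nmaprun>
<host><status state="up" reason="user-set"/><address addr="192.0.2.10" addrtype="ipv4"/>
 <ports><port protocol="tcp" portid="25"><state state="filtered" reason="no-response"/></port>
  <port protocol="tcp" portid="445"><state state="filtered" reason="no-response"/></port></ports></host>
<host><status state="up" reason="user-set"/><address addr="192.0.2.20" addrtype="ipv4"/>
 <ports><port protocol="tcp" portid="25"><state state="filtered" reason="no-response"/></port>
  <port protocol="tcp" portid="445"><state state="open" reason="syn-ack"/></port></ports></host>
<host><status state="up" reason="echo-reply"/><address addr="192.0.2.30" addrtype="ipv4"/>
 <ports><port protocol="tcp" portid="25"><state state="filtered" reason="no-response"/></port></ports></host>
</nmaprun>"""


def classify_hosts(xml_text):
    """Map each address to how well its 'up' status is supported (hypothetical helper)."""
    results = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        status = host.find("status")
        by_state = {}
        for port in host.iter("port"):
            state = port.find("state").get("state")
            by_state.setdefault(state, []).append(int(port.get("portid")))
        # open and closed states both mean a reply (SYN/ACK or RST) came back.
        answered = bool(by_state.get("open") or by_state.get("closed"))
        if status.get("state") != "up":
            evidence = "down"
        elif status.get("reason") != "user-set" or answered:
            evidence = "confirmed"   # a discovery probe or a port probe got a reply
        else:
            evidence = "assumed"     # -Pn only: no packet seen proves the host exists
        results[addr] = {"evidence": evidence,
                         "open": by_state.get("open", []),
                         "filtered": by_state.get("filtered", [])}
    return results


if __name__ == "__main__":
    for addr, info in classify_hosts(SAMPLE_XML).items():
        print(addr, info["evidence"], "open:", info["open"], "filtered:", info["filtered"])
```

A host marked "assumed" with every port filtered matches the case discussed above: the "Host is up" line comes from the option, not from the target.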

