Nmap Development mailing list archives
Scan of a Fortigate FW - false positives
From: "Luke, Jason" <lukej () anx com>
Date: Tue, 9 Oct 2012 19:33:49 +0000
Originally found this issue from running a Rapid7 Nexpose scan, which uses NMAP for host discovery. Repeatable on my own local version, 5.5 and 6.0.

    sudo nmap --privileged -n -PS21-23,25,53,80,110-111,135,139,143,443,445,541,993,995,1723,3306,3389,3475,5900,8080,8200,9300,27249 -sS -O --osscan-guess --max-os-tries 1 -p1-2850 --max-retries 4 --max-rtt-timeout 1000ms --initial-rtt-timeout 100ms --defeat-rst-ratelimit --min-rate 200 --max-rate 3000 -r X.X.X.X

If I set the # of ports to scan anything higher than about 2850, I get many false "open" ports shown. I had started with all ports and have narrowed it down to around that 2850 number.

It seems obvious that there is some IDS/IPS functionality somewhere causing the interference, but I have seen the firewall config and see nothing untoward. I have gone round and round with the ISP and they vehemently claim no such interference.

Does anyone have any tips?

Jason

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/