Nmap Development mailing list archives

Re: Issue regarding nmap-payloads - UDP services still showing as "open|filtered" when a payload is added to evoke a reply


From: Daniel Miller <bonsaiviking () gmail com>
Date: Tue, 21 Mar 2017 07:18:04 -0500

Stuart,

If Nmap correctly sends the payload, then there are only a few
possibilities:

The response may be misaddressed. This could happen if the payload contains
a port number to which the service will respond which is different than the
source address of the probe.

The service might not be responding, but you say that is not the case.

The response may be blocked by something like a firewall or IPS.

Or there may be a bug in Nmap. Providing output from -d2 --packet-trace
would be helpful to diagnose.

Dan

On Sun, Mar 19, 2017 at 3:44 PM, Stuart Duncan <stoobmeister () gmail com>
wrote:

Hi,

I've seen a few threads/bits of info regarding the nmap-payloads file but
I am having issues with adding custom payloads. I know that the
open|filtered outcome is given when no response (ICMP or UDP) has been
received.

I added a custom payload within this file and, using a network sniffer, I
can see that Nmap correctly sends the payload and also that I get a
response back - yet Nmap still determines that it is "open|filtered".

I was wondering what modification I would need to make to ensure that Nmap
reports the status of the service as "open" - I have tried using Nmap with
the --datadir option but this has made no difference.

Does Nmap need to be re-compiled with the new payload? Or something else?

Thanks for your time,

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
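
Added example, not part of the original messages and not Nmap code: a check for the "misaddressed response" case from the reply above, run over `tcpdump -n` style text from the sniffer. The capture lines, addresses and port 9999 are constructed, and the matching rule (a reply must mirror the probe's address and port pairs to be credited to it) is an assumption.

```python
import re

# Matches the address part of a `tcpdump -n` UDP line:
#   "<time> IP <src>.<sport> > <dst>.<dport>: UDP, length <n>"
UDP_LINE = re.compile(r"IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): UDP")

# Constructed capture: three probes to a hypothetical service on 192.0.2.20:9999.
CAPTURE = """\
12:00:00.000100 IP 192.0.2.10.53124 > 192.0.2.20.9999: UDP, length 12
12:00:00.000900 IP 192.0.2.20.9999 > 192.0.2.10.9999: UDP, length 20
12:00:01.000100 IP 192.0.2.10.53125 > 192.0.2.20.9999: UDP, length 12
12:00:01.000800 IP 192.0.2.20.40000 > 192.0.2.10.53125: UDP, length 20
12:00:02.000100 IP 192.0.2.10.53126 > 192.0.2.20.9999: UDP, length 12
12:00:02.000700 IP 192.0.2.20.9999 > 192.0.2.10.53126: UDP, length 20
"""

def parse(line):
    """Return (src_ip, src_port, dst_ip, dst_port), or None if not an IPv4 UDP line."""
    m = UDP_LINE.search(line)
    if m is None:
        return None
    return m.group(1), int(m.group(2)), m.group(3), int(m.group(4))

def diagnose(capture, scanner_ip, target_ip, target_port):
    """List (reply_src_port, reply_dst_port, verdict) for each datagram target -> scanner."""
    probe_ports = set()  # source ports the scanner has used for probes seen so far
    findings = []
    for line in capture.splitlines():
        pkt = parse(line)
        if pkt is None:
            continue
        src, sport, dst, dport = pkt
        if (src, dst, dport) == (scanner_ip, target_ip, target_port):
            probe_ports.add(sport)
        elif (src, dst) == (target_ip, scanner_ip):
            if sport != target_port:
                verdict = "reply came from a port that was not probed"
            elif dport not in probe_ports:
                verdict = "reply went to a port no probe was sent from"
            else:
                verdict = "reply mirrors a probe"
            findings.append((sport, dport, verdict))
    return findings

if __name__ == "__main__":
    for finding in diagnose(CAPTURE, "192.0.2.10", "192.0.2.20", 9999):
        print(finding)
```

A reply flagged with either of the first two verdicts is visible in the sniffer but does not mirror any probe, which is the first possibility listed in the reply.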
