Strange NMAP 4.0 Behavior

[kx <kxmail () gmail com>]

Derek,
  The default scan when not specified is -sS -F. If you only wanted to
do an ICMP Echo Ping Scan and no more, use -sP -PE.

  So while there is no bug, I looked over the man pages and nmap's
defaults are not explicitly detailed in any section.

  For the novice, it is not clear what actions the command "nmap
scanme.insecure.org" will invoke. Maybe we (the nmap community) can
work on documenting that better, especially with the recent additions
of things like nmap's own ARP stack, and DNS resolution.

Thanks for the feedback.
           kx

On 2/20/06, Derek Nash <ddnash () gmail com> wrote:
> I was just noticing when running an ICMP Echo scan (-PE) in NMAP
> version 4.00 that it seems to be including a SYN scan on all Service
> ports (-sS -F) scan as part of this scan type. I have witnessed this
> on 2 separate installs and systems, I couldn't find documentation that
> states this is a new default behavior.
>
> Has anyone else witnessed this strange behavior? If this is a new
> default behavior does anyone know if this behavior is defeatable?
>
> This seems like a bug to me, but I thought I would post here prior to
> submitting a bug report.

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------