Penetration Testing mailing list archives
Re: Nmap output
From: ChromeSilver <chromesilver () gmx net>
Date: Fri, 21 Nov 2008 08:26:00 +0100
Maybe the scanned box's firewall drops fragmented packets if they don't come in as related. Mine does.

Regards,
ChromeSilver

Nikhil Wagholikar schrieb:
> Hello Maash,
>
> I agree with Taufiq's point. Fragmentation is just one technique to evade firewalls, IDS/IPS etc.
>
> NMap was originally developed keeping in mind the UNIX/Linux operating system. Later, it was ported to Microsoft Windows. So there are lots of switches/options in NMap which execute perfectly in a UNIX/Linux environment but less so on Microsoft Windows. One of those options is 'fragmentation'.
>
> I would suggest you run the same scan from a UNIX/Linux based system, i.e. install NMap on a UNIX/Linux system and then run the same scan. I am sure you'll get near-perfect results from it.
>
> Best of luck!!
>
> ---
> NIKHIL WAGHOLIKAR
> Practice Lead | Security Assessment and Digital Forensics
> NII Consulting
> Web: http://www.niiconsulting.com/
> Security Products: http://www.niiconsulting.com/products.html
>
> 2008/11/20 <maash.rajani () gmail com>
>> I scanned a host with nmap using two sets of parameters.
>>
>> 1) nmap -P0 -f -O 192.168.100.44
>>
>> Warning: OS detection for 192.168.100.44 will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
>> All 1690 scanned ports on host233-226.xxxx.xxx.xx (192.168.100.44) are filtered
>> Device type: specialized|switch|WAP|printer|general purpose
>> Running: Cisco IOS 12.X, D-Link embedded, Ember embedded, IBM embedded, Lexmark embedded, Minix
>> OS details: Cisco DOCSIS cable modem termination server running IOS 12.1, Cisco Catalyst 6509 running IOS 12.1, D-Link DI-824VUP Wireless VPN Router, Ember InSight Adapter for programming EM2XX-family embedded devices, IBM 6400 Printer (software version 7.0.9.6), Lexmark T632 Network Laser Printer, Minix 3.1.2a
>>
>> While in the second set of parameters I did not fragment the packets.
>>
>> 2) nmap -P0 -O 192.168.100.44
>>
>> Warning: OS detection for 192.168.100.44 will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
>> Warning: OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
>> Interesting ports on host233-226.xxx.xxx.xx (192.168.100.44):
>> Not shown: 1689 filtered ports
>> PORT     STATE SERVICE
>> 443/tcp  open  https
>> Device type: general purpose
>> Running: IBM AIX 4.X, Microsoft Windows 2003/.NET|NT/2K/XP
>> OS details: IBM AIX 4.3.2.0-4.3.3.0 on an IBM RS/*, Microsoft Windows 2003 Server or XP SP2
>> Uptime: 3.360 days (since Sun Nov 16 13:22:23 2008)
>>
>> My question is: without fragmenting the packets, how was nmap able to determine an open port? And what difference did fragmentation make in OS detection?
>>
>> ------------------------------------------------------------------------
>> This list is sponsored by: Cenzic
>> Security Trends Report from Cenzic
>> Stay Ahead of the Hacker Curve! Get the latest Q2 2008 Trends Report now
>> www.cenzic.com/landing/trends-report
>> ------------------------------------------------------------------------
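The following Python is an added example, not code from this thread or from nmap itself. It builds a TCP SYN probe to 443/tcp, splits it into 8-byte fragments the way `nmap -f` does, and pushes the fragments through two hypothetical filter policies: a stateless one that can only match on what a single datagram carries, and one that reassembles fragments by (source, destination, IP ID) before applying the same rule, which is the "related" behaviour ChromeSilver describes. The addresses, ports, IP ID and allow-list are constructed for illustration, and the filters are simplified models rather than any real firewall's logic.

```python
"""Constructed, offline example: what `nmap -f` does to a probe and why a
packet filter that never reassembles fragments ends up dropping all of them.
Not nmap's code; addresses, ports, IP ID and filter rules are made up."""
import socket
import struct

IP_PROTO_TCP = 6
IP_MF = 0x1      # "more fragments" bit of the 3-bit IPv4 flags field
TCP_SYN = 0x02


def ip_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_tcp(src_ip, dst_ip, sport, dport, seq, flags, window=1024):
    """20-byte TCP header, no options; checksum covers the IPv4 pseudo-header."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, flags, window, 0, 0)
    pseudo = socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) \
        + struct.pack("!BBH", 0, IP_PROTO_TCP, len(hdr))
    return hdr[:16] + struct.pack("!H", ip_checksum(pseudo + hdr)) + hdr[18:]


def build_ipv4(src_ip, dst_ip, payload, ident, mf=False, frag_off=0, ttl=64):
    """IPv4 header without options. frag_off is in 8-byte units, as on the wire."""
    flags_frag = ((IP_MF if mf else 0) << 13) | frag_off
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, flags_frag,
                      ttl, IP_PROTO_TCP, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:] + payload


def ip_header_ok(pkt):
    """A correct IPv4 header sums to zero when the checksum field is included."""
    return ip_checksum(pkt[:20]) == 0


def parse_ipv4(pkt):
    ver_ihl, _, total_len, ident, flags_frag, _, proto, _, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return {"ident": ident, "mf": bool((flags_frag >> 13) & IP_MF),
            "frag_off": flags_frag & 0x1FFF, "proto": proto,
            "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "payload": pkt[ihl:total_len]}


def fragment(pkt, frag_size=8):
    """Split the IP payload into frag_size-byte pieces (nmap -f: 8 bytes, -ff: 16)."""
    assert frag_size % 8 == 0, "fragment offsets are counted in 8-byte units"
    p = parse_ipv4(pkt)
    data, frags = p["payload"], []
    for off in range(0, len(data), frag_size):
        more = off + frag_size < len(data)
        frags.append(build_ipv4(p["src"], p["dst"], data[off:off + frag_size],
                                p["ident"], mf=more, frag_off=off // 8))
    return frags


def stateless_filter(pkt, allowed_ports=(443,)):
    """Hypothetical filter with no reassembly: it matches only on what one datagram
    carries. Rule: accept a TCP SYN to an allowed port, drop everything else."""
    p = parse_ipv4(pkt)
    if p["frag_off"] != 0:
        return "drop"            # non-first fragment: no transport header to match on
    if len(p["payload"]) < 20:
        return "drop"            # first fragment too short to hold the TCP flags byte
    _sport, dport, _seq, _ack, _off, flags = struct.unpack("!HHIIBB", p["payload"][:14])
    return "accept" if dport in allowed_ports and flags & TCP_SYN else "drop"


class ReassemblingFilter:
    """Hypothetical filter that reassembles by (src, dst, IP ID) and only then applies
    the same rule; pieces are held until the datagram is complete."""

    def __init__(self, allowed_ports=(443,)):
        self.allowed = allowed_ports
        self.pending = {}        # (src, dst, ident) -> {"chunks": {offset: bytes}, "total": int|None}

    def feed(self, pkt):
        p = parse_ipv4(pkt)
        key = (p["src"], p["dst"], p["ident"])
        entry = self.pending.setdefault(key, {"chunks": {}, "total": None})
        entry["chunks"][p["frag_off"] * 8] = p["payload"]
        if not p["mf"]:          # the last fragment fixes the full payload length
            entry["total"] = p["frag_off"] * 8 + len(p["payload"])
        if entry["total"] is None:
            return "hold"
        data = b""
        for off in sorted(entry["chunks"]):
            if off != len(data):
                return "hold"    # gap: a middle fragment is still missing
            data += entry["chunks"][off]
        if len(data) != entry["total"]:
            return "hold"
        del self.pending[key]
        return stateless_filter(build_ipv4(p["src"], p["dst"], data, p["ident"]), self.allowed)


def demo():
    """One SYN to 443/tcp, first whole, then fragmented as `nmap -f` would send it."""
    src, dst = "192.168.100.5", "192.168.100.44"       # constructed addresses
    syn = build_tcp(src, dst, 40000, 443, 0x12345678, TCP_SYN)
    probe = build_ipv4(src, dst, syn, ident=0xBEEF)     # constructed IP ID
    frags = fragment(probe)                              # 20-byte TCP header -> 8 + 8 + 4
    reasm = ReassemblingFilter()
    return {
        "unfragmented": stateless_filter(probe),
        "fragment_sizes": [len(parse_ipv4(f)["payload"]) for f in frags],
        "checksums_ok": all(ip_header_ok(f) for f in frags),
        "stateless_per_fragment": [stateless_filter(f) for f in frags],
        "reassembling_per_fragment": [reasm.feed(f) for f in frags],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With `-f` the 20-byte TCP header is cut into 8 + 8 + 4 bytes, so the first fragment carries only the ports and sequence number and the flags byte lands in the second fragment. A filter that needs the flags, or that will not pass a first fragment shorter than a transport header, therefore drops every piece of every probe, and a filter that holds fragments until the datagram is complete accepts the reassembled SYN exactly as it accepts the unfragmented one. That is the mechanism behind the two observations in the thread: the same target that shows 443/tcp open without `-f` shows every port filtered with it, and nmap's fingerprint degrades accordingly. Whether a given firewall reassembles, rejects short first fragments, or simply drops anything it cannot relate to an existing flow is the part you have to check on the box itself.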
Current thread:
- Nmap output maash . rajani (Nov 19)
- Re: Nmap output τ∂υƒιφ * (Nov 19)
- Re: Nmap output Michael Condon (Nov 20)
- RE: Nmap output Veal, Richard (Nov 20)
- Re: Nmap output Nikhil Wagholikar (Nov 20)
- Re: Nmap output ChromeSilver (Nov 20)
- Message not available
- Re: Nmap output Nikhil Wagholikar (Nov 21)