Penetration Testing mailing list archives
Re: Nmap output
From: τ∂υƒιφ * <tas0584 () gmail com>
Date: Thu, 20 Nov 2008 11:31:21 +0530
Hi MaashIf you were running fragment scan from windows box you will not get reliable results. This is the output of fragment scan you will always get
/C:\>nmap -P0 -f 192.168.0.xxxWarning: Packet fragmentation selected on a host other than Linux, OpenBSD, FreeBSD, or NetBSD. This may or may no
t work. /It is not always necessary to fragment packets to get the open ports in nmap. Fragmenting is just one technique for evading IPS/IDS/Firewall.
Also For more refer http://www.networkuptime.com Taufiq. -------- Original Message -------- Subject: Nmap output From: maash.rajani () gmail com To: pen-test () securityfocus com Date: 11/20/2008 3:20 AM
I scanned a host with nmap using two set of parameters. 1) nmap -P0 -f -O 192.168.100.44 Warning: OS detection for 192.168.100.44 will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port All 1690 scanned ports on host233-226.xxxx.xxx.xx (192.168.100.44) are filt ered Device type: specialized|switch|WAP|printer|general purpose Running: Cisco IOS 12.X, D-Link embedded, Ember embedded, IBM embedded, Lexmark embedded, Minix OS details: Cisco DOCSIS cable modem termination server running IOS 12.1, Cisco Catalyst 6509 running IOS 12.1, D-Link DI-824VUP Wireless VPN Router, Ember InSi ght Adapter for programming EM2XX-family embedded devices, IBM 6400 Printer (sof tware version 7.0.9.6), Lexmark T632 Network Laser Printer, Minix 3.1.2a While in the second set of parameter i did not fragment the packets. 2) nmap -P0 -O 192.168.100.44 Warning: OS detection for 192.168.100.44 will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port Warning: OS detection will be MUCH less reliable because we did not find at lea st 1 open and 1 closed TCP port Interesting ports on host233-226.xxx.xxx.xx (192.168.100.44): Not shown: 1689 filtered ports PORT STATE SERVICE 443/tcp open https Device type: general purpose Running: IBM AIX 4.X, Microsoft Windows 2003/.NET|NT/2K/XP OS details: IBM AIX 4.3.2.0-4.3.3.0 on an IBM RS/*, Microsoft Windows 2003 Serve r or XP SP2 Uptime: 3.360 days (since Sun Nov 16 13:22:23 2008) My question is without fragmenting the packets how was nmap able to determine an open port. And what different did fragmentation make in OS detection. ------------------------------------------------------------------------ This list is sponsored by: Cenzic Security Trends Report from Cenzic Stay Ahead of the Hacker Curve! Get the latest Q2 2008 Trends Report now www.cenzic.com/landing/trends-report ------------------------------------------------------------------------
-- ------------------------------------------------------------------------ This list is sponsored by: Cenzic Security Trends Report from Cenzic Stay Ahead of the Hacker Curve! Get the latest Q2 2008 Trends Report now www.cenzic.com/landing/trends-report ------------------------------------------------------------------------
Current thread:
- Nmap output maash . rajani (Nov 19)
- Re: Nmap output τ∂υƒιφ * (Nov 19)
- Re: Nmap output Michael Condon (Nov 20)
- RE: Nmap output Veal, Richard (Nov 20)
- Re: Nmap output Nikhil Wagholikar (Nov 20)
- Re: Nmap output ChromeSilver (Nov 20)
- Message not available
- Re: Nmap output Nikhil Wagholikar (Nov 21)