Nmap Announce mailing list archives
Re: Nmap bug or am I missing something.
From: "Olaf Selke" <Olaf.Selke () mediaWays net>
Date: Sun, 14 Mar 1999 20:31:47 +0100 (MET)
According to Frank W. Keeney:
> I've been messing around with nmap (on Linux) in my lab and I'm able to port scan a Checkpoint Firewall 1 (NT Server sp4, fwt 3.0b) without being logged. Unfortunately nmap "incorrectly" reports all the scanned ports open. I only know which ports are open by using tcpdump or a sniffer.
>
> Here are my command lines:
>
> Nmap: x.x.x.x is the attacked host.
>
> nmap -sF -f -n -P0 -vv -p 20-25,250-270,5900 x.x.x.x
>
> Scans -sF, -sX, -sN in combination with -f are not logged on fw1. Scans with -sS -f are logged.
This is correct for Checkpoint FireWall-1 Version 3.0, even with the latest publicly available patch, Build 3083. The firewall drops the packets as expected but nothing is logged at all ;-(

In FireWall-1 version 4.0 (I've tested with Build 4037 VPN+DES) things are improved and a 'nmap -f -sF' scan is logged by the firewall as

20:19:00 drop x.x.x.x >le0 proto tcp src 62.52.134.110 dst x.x.x.x service 291 s_port 62851 rule 0 reason: TCP packet too short
20:19:00 drop x.x.x.x >le0 proto tcp src 62.52.134.110 dst x.x.x.x service 267 s_port 62851 rule 0 reason: TCP packet too short

Olaf

--
Olaf Selke, olaf.selke () mediaways net, voice +49 5241 80-7069
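One way to turn the FireWall-1 4.0 drop entries quoted above into a per-source alert, added here as an example and not part of the original message. The field names and the line layout are assumptions inferred from the two log lines in the message; the last two sample lines and the 192.0.2.x addresses are constructed.

```python
import re
from collections import defaultdict

# Layout inferred from the two log lines quoted in the message; the field
# names (origin, iface, ...) are assumptions, not a documented log grammar.
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}) (?P<action>\w+) (?P<origin>\S+) >(?P<iface>\S+) "
    r"proto (?P<proto>\S+) src (?P<src>\S+) dst (?P<dst>\S+) "
    r"service (?P<service>\S+) s_port (?P<s_port>\d+) "
    r"rule (?P<rule>\d+)(?: reason: (?P<reason>.+))?$"
)

SHORT_TCP = "TCP packet too short"  # reason string shown in the message

def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def short_tcp_scanners(lines, min_ports=2):
    """Map each source to the services it probed with too-short TCP packets.

    Only sources dropped for SHORT_TCP on at least min_ports distinct
    services are returned, which separates a port sweep from one stray packet.
    """
    services = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["action"] == "drop" and rec["reason"] == SHORT_TCP:
            services[rec["src"]].add(rec["service"])
    return {src: sorted(s) for src, s in services.items() if len(s) >= min_ports}

# First two lines are the ones quoted in the message; the rest are constructed.
SAMPLE_LOG = [
    "20:19:00 drop x.x.x.x >le0 proto tcp src 62.52.134.110 dst x.x.x.x "
    "service 291 s_port 62851 rule 0 reason: TCP packet too short",
    "20:19:00 drop x.x.x.x >le0 proto tcp src 62.52.134.110 dst x.x.x.x "
    "service 267 s_port 62851 rule 0 reason: TCP packet too short",
    "20:21:13 drop x.x.x.x >le0 proto tcp src 192.0.2.7 dst x.x.x.x "
    "service 25 s_port 40112 rule 0 reason: TCP packet too short",
    "20:22:40 drop x.x.x.x >le0 proto tcp src 192.0.2.9 dst x.x.x.x "
    "service 23 s_port 1044 rule 5",
]

if __name__ == "__main__":
    for src, svcs in short_tcp_scanners(SAMPLE_LOG).items():
        print(f"{src}: too-short TCP packets to services {', '.join(svcs)}")
```

As the message notes, Version 3.0 writes no such entries, so this check only has data to work on from version 4.0 logs.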