Nmap Development mailing list archives
Re: NMAP and IPSEC on Windows 2000
From: Chad Loder <cloder () acm org>
Date: Fri, 19 Mar 2004 11:21:52 -0800
Jodi, Do you have the Windows 2000 hotfix for NAT/T support installed? It is known to break raw socket support on Win2k, so you should uninstall it if you have it. The patch number is Q818043 and you can probably see it in your Add/Remove Programs control panel. I reported this breakage to Microsoft months ago, but it's probable they still haven't fixed it. We should probably add something to a README file somewhere (fyodor?). You can also try stopping the IPSEC service by doing: net stop policyagent from the command line. Things should work after that. If you want to complain to Microsoft, you can reference case #SRX030605602592 and tell them to get this fixed. Otherwise they will never release a patch. Best regards, Chad Loder Rapid7, Inc. http://www.rapid7.com On Tue, Mar 16, 2004 at 12:02:40PM -0800, Jodi C wrote:
Hello, I am having a problem with NMAP that I could not google or glean from your site. I have a simply IPSEC policy on a Windows 2000 Server that is not part of a domain. There are three rules in IPSEC that have worked pefrectly well for the intended purpose: 1.) Default Response Rule 2.) Deny TCP 445 and TCP 3389 - block from everyone 3.) Permit TCP 445 and TCP 3389 - Allow from only a handful of machines on our network. If the policy is applied, NMAP returns no response at all and appears to hang. If the policy is deactivated, NMAP returns a response in a few seconds. I have tried unchecking all three filters, but still no response. I am using "NMAP -sS -P0 -oN [IP]". Have you any known problems with Windows 2000 IPSEC and NMAP? Thanks for your help and the great tool, J Do you Yahoo!? Yahoo! Mail - More reliable, more storage, less spam
--------------------------------------------------------------------- For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List archive: http://seclists.org
Current thread:
- NMAP and IPSEC on Windows 2000 Jodi C (Mar 16)
- Re: NMAP and IPSEC on Windows 2000 CBuH. (Mar 16)
- Re: NMAP and IPSEC on Windows 2000 Chad Loder (Mar 19)