Nmap Development mailing list archives
Re: Nmap ICMP/TCP Ping Insubordination
From: Fyodor <fyodor () insecure org>
Date: Mon, 5 Jul 2004 00:43:39 -0700
On Mon, Jun 07, 2004 at 11:40:59AM +0300, Noam Rathaus wrote:
Hi, I noticed a very inconsistent (with the man file) behavior of Nmap, I run two command lines:
1) ./nmap-3.50/nmap -PT80 -sP -d -n www.microsoft.com (under the root user)
2) /nmap-3.50/nmap -PT80 -sP -d -n www.microsoft.com (under the non-root user)

The difference is because -PT80 sends a TCP ACK probe when you are root. However, when non-root it has to fall back to connect(), which effectively sends a SYN packet. Meanwhile, Microsoft has a stateful firewall in place which blocks the unexpected ACK packets (root user case), while allowing the SYN (non-root user) because that just looks like a normal connection attempt.

To get the same behavior in both cases, use -PS80 instead of -PT80.

Cheers,
Fyodor

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List archive: http://seclists.org
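
The behaviour described in the reply above can be modelled with a small connection-tracking filter. This is an added example, not part of the original message and not Nmap code; the class and function names are hypothetical, and the source address and ports are constructed sample values.

```python
# Constructed model: how a target answers an ACK probe versus a SYN probe,
# with and without a stateful firewall in front of it.

def bare_host_reply(flags, port_open=True):
    """Reply of a TCP stack with no filter in front of it, to a fresh probe."""
    if flags == "SYN":
        return "SYN/ACK" if port_open else "RST"
    if flags == "ACK":
        return "RST"  # ACK matching no connection is answered with a reset
    return None


class StatefulFirewall:
    """Tracks flows opened by a SYN and drops packets that match no flow."""

    def __init__(self, allowed_ports=(80,)):
        self.allowed_ports = set(allowed_ports)
        self.flows = set()  # (src, sport, dport) of tracked connections

    def passes(self, src, sport, dport, flags):
        key = (src, sport, dport)
        if flags == "SYN":
            if dport not in self.allowed_ports:
                return False      # filtered port: dropped silently
            self.flows.add(key)   # a connection attempt creates state
            return True
        return key in self.flows  # ACK is let through only for a known flow


def discovery_probe(flags, firewall=None,
                    src="198.51.100.7", sport=40000, dport=80):
    """True if the prober gets any reply, i.e. would report the host as up."""
    if firewall is not None and not firewall.passes(src, sport, dport, flags):
        return False
    return bare_host_reply(flags) is not None


if __name__ == "__main__":
    for label, fw in (("no firewall", None), ("stateful fw", StatefulFirewall())):
        # ACK first, so the SYN probe has not yet created state for this flow.
        for flags in ("ACK", "SYN"):
            up = discovery_probe(flags, fw)
            print(f"{label:12} {flags} probe -> {'up' if up else 'no reply'}")
```

In this model the ACK probe and the SYN probe agree on an unfiltered host and disagree only behind the stateful filter, which is why the verdict depends on which probe type is sent.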