Ports

[n3w7yp3 <n3w7yp3 () gmail com>]

List,

Hello. Today I was poking around with nmap when I came across a host
that was acting very strangley. When I would do a scan that left nmap
to pick the ports (the default 1663 ports or what ever), it would come
back that they were all filtered. However, when I would specify the
ports to be scanned (via -p) I would get completly different results.
The part that is most confusing to me however is that a port I knew
was open (6667) kept showing up as filtered. A little puzzled i
proceded to run hping2 --scan and got a list of open oports (pretty
much what I expected, some of which i had found with nmap, so of which
nmap did not find the first 3 runs). So, i fed the list of ports into
nmap and they all turned up open.

My question is, why didn't nmap find these ports open the first few
times around? The OS Fingerprint said that the box was a Checkpoint
box, so I think that that might have something to do with it (IDS/IPS
prehaps?). BTW, the type of scan I used was a SYN Stealth.

peace,
--n3w7yp3
-- 
when the files get tough, the tough get fsckin'


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev