Nmap Development mailing list archives
Ports
From: n3w7yp3 <n3w7yp3 () gmail com>
Date: Wed, 24 Aug 2005 17:52:32 -0400
List, Hello. Today I was poking around with nmap when I came across a host that was acting very strangley. When I would do a scan that left nmap to pick the ports (the default 1663 ports or what ever), it would come back that they were all filtered. However, when I would specify the ports to be scanned (via -p) I would get completly different results. The part that is most confusing to me however is that a port I knew was open (6667) kept showing up as filtered. A little puzzled i proceded to run hping2 --scan and got a list of open oports (pretty much what I expected, some of which i had found with nmap, so of which nmap did not find the first 3 runs). So, i fed the list of ports into nmap and they all turned up open. My question is, why didn't nmap find these ports open the first few times around? The OS Fingerprint said that the box was a Checkpoint box, so I think that that might have something to do with it (IDS/IPS prehaps?). BTW, the type of scan I used was a SYN Stealth. peace, --n3w7yp3 -- when the files get tough, the tough get fsckin' _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
Current thread:
- Ports n3w7yp3 (Aug 24)