Nmap Development mailing list archives

Firewall rule detection - results differing

From: "Gary Glover" <gglover () gmail com>
Date: Wed, 15 Nov 2006 14:19:47 -0700

Nmap question gurus:

Quick question on mixed results using nmap for firewall rule testing
(stateful or not).

When I run an nmap from my osx 3.95 version of nmap I get the following results:

Anole:~ Gary$ sudo nmap -sA -sV -P0 -p1-100 207.189.109.100
Password:

Starting Nmap 3.95 ( http://www.insecure.org/nmap/ ) at 2006-11-15 10:05 MST
All 100 scanned ports on 207.189.109.100 are: filtered

Nmap finished: 1 IP address (1 host up) scanned in 21.503 seconds

When my customer runs nmap on the same address he gets the following
results (Windows 4.11 version):

C:\Program Files\Nmap>nmap -sA -sV -P0 -p1-100 207.189.109.100

Starting Nmap 4.11 ( http://www.insecure.org/nmap ) at 2006-11-15 12:49 Eastern
Standard Time
All 100 scanned ports on 207.189.109.100 are UNfiltered

Nmap finished: 1 IP address (1 host up) scanned in 6.219 seconds


Easy answer?  My test says filtered, his say UNfiltered for the same
address?  Are we using nmap correctly?

Thanks,

Gary

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Current thread:

Firewall rule detection - results differing Gary Glover (Nov 15)