Nmap Development mailing list archives
Re: Nmap does not notice ACK packets
From: Mark Boltz <mboltz () stonegizmo com>
Date: Mon, 05 Feb 2007 09:32:05 -0500
Date: Sat, 03 Feb 2007 11:35:00 +0100 From: Richard van den Berg <richard.vandenberg () ins com> Subject: Nmap does not notice ACK packets To: nmap-dev () insecure org I am scanning a fairly large network using -sS and I have some hosts respond to nmap's SYN packet with only an ACK. I know this is a strange way to behave for a host. Has anyone ever seens this before? It seems intermittent because when I scan the host a second time, all is good. Even when I craft the exact same packets using hping2, the host will responds with SYN ACK (as it should). The thing is, nmap 4.20 never reacts to these ACK packet. The port shows up as filtered, and is not used to send TCP probes to either. I am not sure what "state" nmap should give to such a port. Maybe open|filtered ?
What you're seeing is possibly a firewall device of some kind, or maybe an IPS that is configured with SYN flood protection. I know that the Symantec firewalls have done this in the past, and it messes up other stateful firewalls in between that are expecting the SYN-ACK instead. If you could find out the device that's doing it, it would be a useful piece of information. -- Mark Boltz "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." -- Benjamin Franklin (1706-1790) reply of the Pennsylvania Assembly to the Governor November 11, 1755 _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Nmap does not notice ACK packets Richard van den Berg (Feb 03)
- Re: Nmap does not notice ACK packets Kris Katterjohn (Feb 03)
- Re: Nmap does not notice ACK packets Richard van den Berg (Feb 04)
- Re: Nmap does not notice ACK packets Kris Katterjohn (Feb 04)
- Re: Nmap does not notice ACK packets Richard van den Berg (Feb 04)
- <Possible follow-ups>
- Re: Nmap does not notice ACK packets Mark Boltz (Feb 05)
- Re: Nmap does not notice ACK packets Kris Katterjohn (Feb 05)
- Re: Nmap does not notice ACK packets Hans Nilsson (Feb 06)
- Re: Nmap does not notice ACK packets Kris Katterjohn (Feb 05)
- Re: Nmap does not notice ACK packets Kris Katterjohn (Feb 03)