Nmap Development mailing list archives
RE: Maybe bug, with -sP und ASA sending RST for denied networks
From: "Dario Ciccarone (dciccaro)" <dciccaro () cisco com>
Date: Wed, 24 Oct 2007 14:59:36 -0400
Hm. If "ASA" refers to the Cisco Adaptive Security Appliance, there is a possible explanation - whoever configured the device enabled the "service resetinbound" option:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s1.html#wp1348346

The ICMP probe might then be dropped, and the probe to 80/tcp replied to with an RST. Hard then to determine what is going on just by looking at a packet capture and with no additional info.

My money would be on "resetinbound" plus ACL dropping ICMP echo request. But it could also be that the ruleset drops indeed ICMP echo request, but has an entry that says "permit tcp any host X" - and host X isn't actually listening on 80/tcp.

Dario
-----Original Message-----
From: nmap-dev-bounces () insecure org [mailto:nmap-dev-bounces () insecure org] On Behalf Of Fyodor
Sent: Monday, October 22, 2007 7:47 PM
To: Pluto
Cc: nmap-dev () insecure org
Subject: Re: Maybe bug, with -sP und ASA sending RST for denied networks

On Thu, Oct 18, 2007 at 11:22:01AM +0200, Pluto wrote:
> Hello, maybe old stuff, just happened to me and can't find something in the docs or elsewhere.
> When doing the -sP with an ASA in between you and the target, the TCP SYN on port 80 will be answered by a RST from the ASA, thereby making nmap think the host is responding and alive. Of course the results of such a scan are basically useless then.
> Would it be possible to ignore RST in such a scenario? Or have a command-line switch to trigger this?

That can be a problem with port 80. You may want to try a different type of ping scan (such as ICMP only) or change the TCP ping probe port(s).

-F
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
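Fyodor's suggestion is to run host discovery with a different probe type (ICMP only) or a different TCP ping port and compare. The following script is an added example, not code from the thread or from the Nmap project: it reads the grepable (`-oG`) output of two ping scans, one ICMP-only (`-sP -PE`, which later Nmap releases spell `-sn -PE`) and one TCP SYN to port 80 (`-sP -PS80`), and lists the addresses that are "Up" only in the TCP/80 run. It also checks whether every address in the range answered the TCP probe, which is the signature of a firewall resetting on behalf of a whole denied network rather than of real hosts. The scan output embedded below is a constructed sample, not a real capture.

```python
"""Compare two nmap ping-scan results to spot hosts that look 'up' only
because something on the path (e.g. a firewall with 'resetinbound')
answered the TCP/80 SYN probe with a RST.

Added example; the scan output below is constructed, not captured."""
import re

# Constructed sample: output of  nmap -sP -PE -n -oG - 10.0.0.0/29  (ICMP echo only).
# Only two real hosts reply to echo requests.
ICMP_SCAN = """\
# Nmap scan initiated (constructed sample) as: nmap -sP -PE -n -oG - 10.0.0.0/29
Host: 10.0.0.1 ()\tStatus: Up
Host: 10.0.0.2 ()\tStatus: Up
# Nmap done (constructed sample) -- 8 IP addresses (2 hosts up) scanned
"""

# Constructed sample: output of  nmap -sP -PS80 -n -oG - 10.0.0.0/29  (TCP SYN to 80/tcp).
# Every address is reported Up, because the firewall answers all of them with RST.
TCP80_SCAN = """\
# Nmap scan initiated (constructed sample) as: nmap -sP -PS80 -n -oG - 10.0.0.0/29
Host: 10.0.0.1 ()\tStatus: Up
Host: 10.0.0.2 ()\tStatus: Up
Host: 10.0.0.3 ()\tStatus: Up
Host: 10.0.0.4 ()\tStatus: Up
Host: 10.0.0.5 ()\tStatus: Up
Host: 10.0.0.6 ()\tStatus: Up
# Nmap done (constructed sample) -- 8 IP addresses (6 hosts up) scanned
"""

# The addresses that were actually probed (usable hosts of the constructed /29).
TARGETS = ["10.0.0.%d" % i for i in range(1, 7)]

# One grepable 'Host:' line: address, optional reverse name in parentheses, status.
HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(.*?\)\s+Status:\s+(\w+)")


def ip_key(ip):
    """Sort key so that 10.0.0.10 comes after 10.0.0.9."""
    return tuple(int(octet) for octet in ip.split("."))


def up_hosts(grepable):
    """Return the set of addresses marked 'Status: Up' in -oG output."""
    up = set()
    for line in grepable.splitlines():
        match = HOST_RE.match(line)
        if match and match.group(2) == "Up":
            up.add(match.group(1))
    return up


def rst_suspects(icmp_grepable, tcp_grepable):
    """Addresses that answered the TCP probe but were silent to ICMP echo.

    These are either hosts whose ICMP is filtered (Dario's ACL case) or
    addresses that only 'answered' because a firewall sent the RST; a
    second TCP ping on another port (-PS443, for example) separates the two."""
    return sorted(up_hosts(tcp_grepable) - up_hosts(icmp_grepable), key=ip_key)


def answers_every_address(grepable, targets):
    """True when every probed address is Up: a tell-tale of blanket RSTs
    for a denied network rather than of individual live hosts."""
    return set(targets) <= up_hosts(grepable)


if __name__ == "__main__":
    print("Up via ICMP echo :", sorted(up_hosts(ICMP_SCAN), key=ip_key))
    print("Up via TCP/80    :", sorted(up_hosts(TCP80_SCAN), key=ip_key))
    print("TCP-only suspects:", rst_suspects(ICMP_SCAN, TCP80_SCAN))
    print("Whole range answered TCP/80:", answers_every_address(TCP80_SCAN, TARGETS))
```

On the constructed sample the ICMP run finds two hosts while the TCP/80 run reports all six; the four TCP-only addresses, together with the fact that the entire range answered, point at the firewall rather than at live hosts. A third pass with a different TCP ping port, as Fyodor suggests, confirms it: a host behind a "permit tcp any host X" rule keeps answering on other ports only if something is really listening there.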