interpreting results

[Joao Daniel <joaodanielnevesss () hotmail com>]

Hi,

I have create a virtual Windows XP machine (VMware) and installed NOD32 
Internet Security
with include ( of course ) a firewall.

So, to have some fun I tried to map the firewall rules (of the virtual 
machine).

#nmap -sP -PA139 --send-ip -n 172.16.13.14
Nmap reports host down.

As the guys know -PA parameter sends ACK packages. Seeding a ACK without 
seeding
an SYN makes the packages invalid.

But if I ran:
#nmap -sP -PS139 --send-ip -n172.16.13.14
Nmap reports host up.

I have also tried:
#nmap -sP -PS'other_port' --send-ip -n 172.16.13.14
Nmap reports host down.

Nmap only reports host up if I choose one of the fowling ports 
135,139,445 (the 'default' windows ports)

Conclusions:

I suppose that the firewall block invalid TCP packets. (See the first scan)

I have a felling that the firewall is blocking probes for other port 
because the virtual machine
do not run a service on that port. (Third scan)

So, What I would like to ask is:

1) Are my conclusions right?

2)What more can I do to discover more about this host?

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/