Nmap Development mailing list archives
Re: When tethering through my (UK) mobile provider, nmap reports closed ports as open
From: David Fifield <david () bamsoftware com>
Date: Tue, 12 Feb 2019 11:22:52 -0700
On Tue, Feb 12, 2019 at 06:12:19PM +0000, Jaime T wrote:
Apologies if this is not the correct list for this, but after an hour of digging, I couldn't find anywhere more suitable. As per the title, when I tether through my mobile phone (O2 sim, based in the UK), nmap tells me that closed ports are open. Is this a "known" problem, or is it something more specific to my mobile phone network provider? In case it makes a difference, I'm running nmap on debian stretch.
I have heard that some network equipment will speculatively inject a false SYN/ACK for every SYN, in order to decrease perceived latency, or something. You may be able to get some more information using the --reason option, which will show the TTL of received packets. If the SYN/ACK is being injected, it will probably have a TTL that is inconsistent with non-injected packets, for example the echo-reply. # nmap --reason -p81 scanme.nmap.org Host is up, received echo-reply ttl 50 (0.091s latency). PORT STATE SERVICE REASON 81/tcp closed hosts2-ns reset ttl 50 _______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- When tethering through my (UK) mobile provider, nmap reports closed ports as open Jaime T (Feb 12)
- Re: When tethering through my (UK) mobile provider, nmap reports closed ports as open David Fifield (Feb 12)