Date:      Tue, 1 Aug 2000 15:13:35 +0200 (CEST)
From:      zaks@prioris.mini.pw.edu.pl
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   ports/20342: Nmap doesn't report open ports in stealth scan mode
Message-ID:  <200008011313.PAA04510@pf39.warszawa.sdi.tpnet.pl>


>Number:         20342
>Category:       ports
>Synopsis:       Nmap doesn't report open ports in stealth scan mode
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Aug 01 06:20:00 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     Slawek Zak
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
	Warsaw University of Technology
>Environment:

	P-t-P interface (tun0) was used. Nmap version 2.53 compiled
	from ports.

>Description:

	Nmap doesn't seem to find open remote ports when working in
	stealth mode. Ports are recognized as filtered.

>How-To-Repeat:

	[tun interface]

	pf39# nmap -sS -P0 -v -p25 prioris
	[..........]
	Port       State       Service
	25/tcp     filtered    smtp

	Nmap run completed -- 1 IP address (1 host up) scanned in 36
	seconds

	## Relevant tcpdump trace

	pf39.53713 > prioris.smtp: S 490700102:490700102(0) win 4096
	prioris.smtp > pf39.53713: S 1925646539:1925646539(0) ack \
		490700103 win 16384 <mss 1460> (DF)
	pf39.53713 > prioris.smtp: R 490700103:490700103(0) win 0
	pf39.53714 > prioris.smtp: S 1243791711:1243791711(0) win 4096
	prioris.smtp > pf39.53714: S 1926781491:1926781491(0) ack \
		1243791712 win 16384 <mss 1460> (DF)
	pf39.53714 > prioris.smtp: R 1243791712:1243791712(0) win 0
	pf39.53715 > prioris.smtp: S 2733700557:2733700557(0) win 4096
	pf39.53716 > prioris.smtp: S 490700102:490700102(0) win 4096
	prioris.smtp > pf39.53716: S 1929281189:1929281189(0) ack \
		490700103 win 16384 <mss 1460> (DF)
	pf39.53716 > prioris.smtp: R 490700103:490700103(0) win 0
	pf39.53717 > prioris.smtp: S 1243791711:1243791711(0) win 4096
	prioris.smtp > pf39.53717: S 1930419819:1930419819(0) ack \
		1243791712 win 16384 <mss 1460> (DF)
	pf39.53717 > prioris.smtp: R 1243791712:1243791712(0) win 0
	pf39.53718 > prioris.smtp: S 2733700557:2733700557(0) win 4096

	[Other host (3.5-STABLE), ethernet interface]

	prioris# nmap -sS -P0 -v -p25 alpha
	[..........]

	Port       State       Service
	25/tcp     open        smtp

	Nmap run completed -- 1 IP address (1 host up) scanned in 0
	seconds

>Fix:

	The problem probably lies in some tun interface implementation
	bug. The same version of nmap on FreeBSD 3.5-STABLE, using the
	fxp ethernet interface, works fine.


>Release-Note:
>Audit-Trail:
>Unformatted:
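
Added example, not part of the original report and not nmap or FreeBSD code: a small parser that reads the tcpdump lines quoted in the report and derives the port state the wire actually shows, for comparison with the "filtered" result nmap printed. The function names classify and port_verdict are hypothetical; the trace lines are copied from the report with the continuation lines joined.

```python
import re

# First seven trace lines from the report above, continuation lines joined.
TRACE = """\
pf39.53713 > prioris.smtp: S 490700102:490700102(0) win 4096
prioris.smtp > pf39.53713: S 1925646539:1925646539(0) ack 490700103 win 16384 <mss 1460> (DF)
pf39.53713 > prioris.smtp: R 490700103:490700103(0) win 0
pf39.53714 > prioris.smtp: S 1243791711:1243791711(0) win 4096
prioris.smtp > pf39.53714: S 1926781491:1926781491(0) ack 1243791712 win 16384 <mss 1460> (DF)
pf39.53714 > prioris.smtp: R 1243791712:1243791712(0) win 0
pf39.53715 > prioris.smtp: S 2733700557:2733700557(0) win 4096
"""

# src > dst: flags seq:seq(len) [ack N] in the old tcpdump text format.
LINE = re.compile(r"(\S+) > (\S+): ([SRFP.]+) (\d+):\d+\(\d+\)(?: ack (\d+))?")

def classify(trace, scanner="pf39"):
    """Map each (scanner endpoint, target endpoint) probe to its wire-level state."""
    probes, state = {}, {}          # probes: probe -> ISN of the scanner's SYN
    for line in trace.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        src, dst, flags, seq, ack = m.groups()
        if src.startswith(scanner + "."):
            if flags == "S":        # outgoing half-open probe
                probes[(src, dst)] = int(seq)
                state[(src, dst)] = "no-reply"
        elif (dst, src) in probes:
            key = (dst, src)
            # A SYN/ACK only counts if it acknowledges the probe's ISN + 1.
            if "S" in flags and ack is not None and int(ack) == probes[key] + 1:
                state[key] = "open"
            elif "R" in flags:
                state[key] = "closed"
    return state

def port_verdict(trace, scanner="pf39"):
    """Collapse per-probe states into one verdict per target endpoint."""
    seen = {}
    for (_, target), s in classify(trace, scanner).items():
        seen.setdefault(target, set()).add(s)
    return {t: "open" if "open" in v else "closed" if "closed" in v else "filtered"
            for t, v in seen.items()}

if __name__ == "__main__":
    print(port_verdict(TRACE))
```

On the quoted trace the verdict for prioris.smtp is "open", because two of the three probes receive a SYN/ACK acknowledging ISN + 1, while the scan output in the report lists 25/tcp as filtered.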