Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 29 Mar 2003 11:35:19 -0500 (EST)
From:      jason <jason@monsterjam.org>
To:        Dru <dlavigne6@cogeco.ca>
Cc:        questions@freebsd.org
Subject:   Re: VERY annoying nmap problem. (solved)
Message-ID:  <20030329110554.L33825-100000@monsterjam.org>
In-Reply-To: <20030329101058.V17599@dhcp-17-14.kico2.on.cogeco.ca>
next in thread | previous in thread | raw e-mail | index | archive | help 
yeah, I know the -sU is for UDP scans. Im using ipfw. Im 99.9% sure
my firewall rules didnt change from version to version of nmap, but damn,
youre right! scanning with my firewall disabled worked. Good catch. I
guess ill have to play with my ipfw rules now. Thanks.

Jason


On Sat, 29 Mar 2003, Dru wrote:

>
>
> On Sat, 29 Mar 2003, jason wrote:
>
> > This has been going on since version 3.0 of nmap for freebsd..
> >
> > su-2.05b# uname -a
> > FreeBSD monsterjam.org 4.8-RC FreeBSD 4.8-RC #0: Mon Mar 10 16:54:44
> >
> > su-2.05b# nmap -sU 10.1.1.10
> >
> > Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
> > sendto in send_udp_raw: sendto(3, packet, 28, 0, 10.1.1.10, 16) =>
> > Permission denied
> > Sleeping 15 seconds then retrying
> > ^Ccaught SIGINT signal, cleaning up
> > su-2.05b#
> >
> > this is nmap installed from the ports. I have tried it from source and get
> > the same thing. regular port scans work though
> >
> > su-2.05b# nmap  10.1.1.10
> >
> > Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
> > Interesting ports on bush (10.1.1.10):
> > (The 1595 ports scanned but not shown below are in state: closed)
> > Port       State       Service
> > 22/tcp     open        ssh
> > 111/tcp    open        sunrpc
> > 139/tcp    open        netbios-ssn
> > 631/tcp    open        ipp
> > 6000/tcp   open        X11
> > 32771/tcp  open        sometimes-rpc5
> >
> > Nmap run completed -- 1 IP address (1 host up) scanned in 1 second
> > su-2.05b#
> >
> > I emailed fydor a few times and got no help.
> > anyone have any ideas? This used to work fine before 3.0
>
>
> What firewall are you using and what rules have you created for UDP?
> Using -sU (UDP scan) sends UDP packets. Whereas not specifying a switch
> assumes a full connect scan which uses TCP.
>
> Dru
>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030329110554.L33825-100000>