> On Sat, May 21, 2011 at 08:33:57PM +0200, Giovanni Schmid wrote:
>> > On Mon, May 16, 2011 at 08:46:06PM +0200, Giovanni Schmid wrote:
>> >> Hi,
>> >>
>> >> I tested Nmap 5.21 on Oracle Solaris 11 and found that it only
>> >> apparently works. Actually, many different scan sessions (with
>> >> different options and targets) got wrong results. For ex., the
>> >> following scan is related to a host with 22/tcp (SSH) and 111/tcp
>> >> (rpcbind) open; however the two services are not detected. Moreover,
>> >> turning off the -PN option results in a host apparently blocking up
>> >> ping probes. This is not the case, instead.
>> >>
>> >> # nmap -A 172.16.3.42
>> >>
>> >> Starting Nmap 5.21 ( http://nmap.org/ ) at 2011-05-16 20:13 CEST
>> >> Note: Host seems down. If it is really up, but blocking our ping probes,
>> >> try -PN
>> >> Nmap done: 1 IP address (0 hosts up) scanned in 3.60 seconds
>> >>
>> >> # nmap -PN -A 172.16.3.42
>> >>
>> >> Starting Nmap 5.21 ( http://nmap.org/ ) at 2011-05-16 20:14 CEST
>> >> Nmap scan report for 172.16.3.42
>> >> Host is up.
>> >> All 1000 scanned ports on 172.16.3.42 are filtered
>> >> Too many fingerprints match this host to give specific OS details
>> >>
>> >> TRACEROUTE (using proto 1/icmp)
>> >> HOP RTT ADDRESS
>> >> 1 ... 30
>> >>
>> >> # nmap -PN -sS 172.16.3.42
>> >>
>> >> Starting Nmap 5.21 ( http://nmap.org/ ) at 2011-05-16 20:34 CEST
>> >> Nmap scan report for 172.16.3.42
>> >> Host is up.
>> >> All 1000 scanned ports on 172.16.3.42 are filtered
>> >>
>> >> Nmap done: 1 IP address (1 host up) scanned in 201.16 seconds
>> >
>> > Thank you for reporting this. We need some more information from you.
>> > Do the wrong results happen every time, or only sometimes? Is it only
>> > this IP address that has the problem, or other LAN addresses, or all
>> > addresses?
>>
>> Hi David.
>>
>> The wrong results happen every time, and for different hosts in the same
>> LAN. There were no firewalls among the targets and the scanning host.
>> Moreover, I compared the results for the above targets against another
>> scanning host running Nmap 4.x on Linux in the same LAN, and in this
>> case the results were correct.
>>
>> > It looks like you are getting no responses at all from the target. Is
>> > there a firewall or something similar in the way? What output do you
>> > see when you run the command
>> > ssh -v 172.16.3.42
>>
>> At this moment I cannot run the above command, since I am at home and
>> 172.16.3.42 is not reachable through the Internet. However 172.16.3.42
>> is a Solaris 11 box too, and its sshd should be
>>
>> Sun_SSH_1.3, SSH protocols 1.5/2.0, OpenSSL 0x0090801f
>>
>> or above.
>
> I didn't mean to ask for the SSH version number; it's just that I would
> be surprised if ssh works at all if Nmap can get no responses.
>
> Can you try the scan again, this time with --unprivileged?
>
> David Fifield
>

OK, I will do the unprivileged scan on Monday and will let you know.
However, SSH connections from the scanning host to the targets worked
perfectly during the test. I can say this with confidence because I used
SSH to log in to the targets before, during and after the scan sessions and
it worked.

Giovanni Schmid
_______________________________________________
security-discuss mailing list
[email protected]
