Re: Weird Nmap Behavior



On Mon, Oct 5, 2009 at 1:38 PM, arvind doraiswamy
<arvind.doraiswamy@xxxxxxxxx> wrote:
--- If every port is filtered and ping is blocked(Internet) how does
Nmap decide that a host is up?
--- How would you explain behavior like the above where I know for a
fact an IP hasn't been assigned to a server/device/anything?

Lastly if I want to test known "down" IP's are there any such IP's?
Not misspelt domain names as of now - just test "down" IP addresses.

Finally if this behavior for Nmap is how it is and can't be
changed(due to whatever stack dependencies etc , just shooting in the
air here) isn't this giving in accurate results? What is a workaround?


Did you run nmap with the --reason flag? If it's possible post the
output of the --reason scan or mostly it'd be self-explanatory.

HTH,
--
Rajat Swarup

http://rajatswarup.blogspot.com/

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------



Relevant Pages

  • RE: Weird Nmap Behavior
    ... As nice as NMAP is, ... Host xxx.xxx.xxx.241 is up (0.0089s latency). ... Information Assurance Certification Review ...
    (Pen-Test)
  • Re: Nmap
    ... Most of the time using nmap to tell if a host is up is the wrong thing to do. ... Port scanning is messy and noisy, you're better testing thing one by one like that. ... Information Assurance Certification Review Board ...
    (Pen-Test)
  • RE: run nmap automatically from index.html (??)
    ... that references a CGI file, use the REMOTE_ADDR environment variable, pass that into your script. ... run nmap automatically from index.html ... Information Assurance Certification Review Board ... Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. ...
    (Pen-Test)
  • Re: Weird Nmap Behavior
    ... standart nmap behaviour, I think, taking into account that -PN switch ... When you're scanning host in the LAN, ... Information Assurance Certification Review Board ... Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. ...
    (Pen-Test)
  • FW: Scanner & BaseLine Report Diff?
    ... If not something like nmap then maybe a service like ... Information Assurance Certification Review Board ... Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. ... IACRB CPT and CEPT certs require a full practical examination in order to become certified. ...
    (Pen-Test)