> On Mon, May 16, 2011 at 08:46:06PM +0200, Giovanni Schmid wrote:
>> Hi,
>>
>> I tested Nmap 5.21 on Oracle Solaris 11 and found that it only
>> apparently works. Actually, many different scan sessions (with
>> different options and targets) got wrong results. For ex., the
>> following scan is related to a host with 22/tcp (SSH) and 111/tcp
>> (rpcbind) open; however the two services are not detected. Moreover,
>> turning off the -PN option results in a host apparently blocking up
>> ping probes. This is not the case, instead.
>>
>> # nmap -A 172.16.3.42
>>
>> Starting Nmap 5.21 ( http://nmap.org/ ) at 2011-05-16 20:13 CEST
>> Note: Host seems down. If it is really up, but blocking our ping probes,
>> try -PN
>> Nmap done: 1 IP address (0 hosts up) scanned in 3.60 seconds
>>
>> # nmap -PN -A 172.16.3.42
>>
>> Starting Nmap 5.21 ( http://nmap.org/ ) at 2011-05-16 20:14 CEST
>> Nmap scan report for 172.16.3.42
>> Host is up.
>> All 1000 scanned ports on 172.16.3.42 are filtered
>> Too many fingerprints match this host to give specific OS details
>>
>> TRACEROUTE (using proto 1/icmp)
>> HOP RTT ADDRESS
>> 1 ... 30
>>
>> # nmap -PN -sS 172.16.3.42
>>
>> Starting Nmap 5.21 ( http://nmap.org/ ) at 2011-05-16 20:34 CEST
>> Nmap scan report for 172.16.3.42
>> Host is up.
>> All 1000 scanned ports on 172.16.3.42 are filtered
>>
>> Nmap done: 1 IP address (1 host up) scanned in 201.16 seconds
>
> Thank you for reporting this. We need some more information from you. Do
> the wrong results happen every time, or only sometimes? Is it only this
> IP address that has the problem, or other LAN addresses, or all
> addresses?

Hi David.

The wrong results happen every time, and for different hosts in the same
LAN. There were no firewalls among the targets and the scanning host.
Moreover, I compared the results for the above targets against another
scanning host running Nmap 4.x on Linux in the same LAN, and in this
case the results were correct.

> It looks like you are getting no responses at all from the target. Is
> there a firewall or something similar in the way? What output do you see
> when you run the command
> ssh -v 172.16.3.42

At this moment I cannot run the above command, since I am at home and
172.16.3.42 is not reachable through the Internet. However 172.16.3.42 is
a Solaris 11 box too, and its sshd should be Sun_SSH_1.3, SSH protocols
1.5/2.0, OpenSSL 0x0090801f or above.
If you need more accurate and detailed information, please let me know;
I could collect that and send it to you next Monday.

Giovanni Schmid

>
> David Fifield

_______________________________________________
security-discuss mailing list
[email protected]
