From owner-freebsd-ports Tue Aug 1 6:20:12 2000 Delivered-To: freebsd-ports@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 0127237BC55 for ; Tue, 1 Aug 2000 06:20:01 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id GAA19443; Tue, 1 Aug 2000 06:20:00 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: from pf39.warszawa.sdi.tpnet.pl (pf39.warszawa.sdi.tpnet.pl [213.25.209.39]) by hub.freebsd.org (Postfix) with ESMTP id 683FB37B5C1 for ; Tue, 1 Aug 2000 06:13:41 -0700 (PDT) (envelope-from zaks@pf39.warszawa.sdi.tpnet.pl) Received: (from root@localhost) by pf39.warszawa.sdi.tpnet.pl (8.9.3/8.9.3) id PAA04510; Tue, 1 Aug 2000 15:13:35 +0200 (CEST) (envelope-from zaks) Message-Id: <200008011313.PAA04510@pf39.warszawa.sdi.tpnet.pl> Date: Tue, 1 Aug 2000 15:13:35 +0200 (CEST) From: zaks@prioris.mini.pw.edu.pl Reply-To: zaks@prioris.mini.pw.edu.pl To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.2 Subject: ports/20342: Nmap doesn't report open ports in stealth scan mode Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Number: 20342 >Category: ports >Synopsis: Nmap doesn't report open ports in stealth scan mode >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Aug 01 06:20:00 PDT 2000 >Closed-Date: >Last-Modified: >Originator: Slawek Zak >Release: FreeBSD 5.0-CURRENT i386 >Organization: Warsaw University of Technology >Environment: P-t-P interface (tun0) was used. Nmap version i 2.53 compiled from ports >Description: Nmap doesn't seem to find remote ports open working in stealth mode. Ports are recognized as filtered. >How-To-Repeat: [tun interface] pf39# nmap -sS -P0 -v -p25 prioris [..........] Port State Service 25/tcp filtered smtp Nmap run completed -- 1 IP address (1 host up) scanned in 36 seconds ## Relevant tcpdump trace pf39.53713 > prioris.smtp: S 490700102:490700102(0) win 4096 prioris.smtp > pf39.53713: S 1925646539:1925646539(0) ack \ 490700103 win 16384 (DF) pf39.53713 > prioris.smtp: R 490700103:490700103(0) win 0 pf39.53714 > prioris.smtp: S 1243791711:1243791711(0) win 4096 prioris.smtp > pf39.53714: S 1926781491:1926781491(0) ack \ 1243791712 win 16384 (DF) pf39.53714 > prioris.smtp: R 1243791712:1243791712(0) win 0 pf39.53715 > prioris.smtp: S 2733700557:2733700557(0) win 4096 pf39.53716 > prioris.smtp: S 490700102:490700102(0) win 4096 prioris.smtp > pf39.53716: S 1929281189:1929281189(0) ack \ 490700103 win 16384 (DF) pf39.53716 > prioris.smtp: R 490700103:490700103(0) win 0 pf39.53717 > prioris.smtp: S 1243791711:1243791711(0) win 4096 prioris.smtp > pf39.53717: S 1930419819:1930419819(0) ack \ 1243791712 win 16384 (DF) pf39.53717 > prioris.smtp: R 1243791712:1243791712(0) win 0 pf39.53718 > prioris.smtp: S 2733700557:2733700557(0) win 4096 [Other host (3.5-STABLE), ethernet interface] prioris# nmap -sS -P0 -v -p25 alpha [..........] Port State Service 25/tcp open smtp Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds >Fix: Probably problem lays in the some tun interface implementation bug. The same version of nmap on FreeBSD 3.5-STABLE, using fxp ethernet interface works fine. >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message