From owner-freebsd-questions@FreeBSD.ORG Sat Mar 29 08:35:22 2003
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id CAAB337B401
	for ; Sat, 29 Mar 2003 08:35:22 -0800 (PST)
Received: from monsterjam.org (rdu57-10-206.nc.rr.com [66.57.10.206])
	by mx1.FreeBSD.org (Postfix) with SMTP id D7DEB43F93
	for ; Sat, 29 Mar 2003 08:35:21 -0800 (PST)
	(envelope-from jason@monsterjam.org)
Received: (qmail 34032 invoked by uid 1005); 29 Mar 2003 16:35:21 -0000
Received: from jason@monsterjam.org by monsterjam.org by uid 1002 with qmail-scanner-1.14
	(clamscan: 0.54. Clear:. Processed in 1.090171 secs); 29 Mar 2003 16:35:21 -0000
Received: from unknown (HELO monsterjam.org) (10.1.1.3)
	by 0 with SMTP; 29 Mar 2003 16:35:19 -0000
Date: Sat, 29 Mar 2003 11:35:19 -0500 (EST)
From: jason
To: Dru
In-Reply-To: <20030329101058.V17599@dhcp-17-14.kico2.on.cogeco.ca>
Message-ID: <20030329110554.L33825-100000@monsterjam.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: questions@freebsd.org
Subject: Re: VERY annoying nmap problem. (solved)
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions
X-List-Received-Date: Sat, 29 Mar 2003 16:35:24 -0000

Yeah, I know the -sU is for UDP scans. I'm using ipfw. I'm 99.9% sure my
firewall rules didn't change from version to version of nmap, but damn,
you're right! Scanning with my firewall disabled worked. Good catch. I guess
I'll have to play with my ipfw rules now.

Thanks.
Jason

On Sat, 29 Mar 2003, Dru wrote:

>
>
> On Sat, 29 Mar 2003, jason wrote:
>
> > This has been going on since version 3.0 of nmap for FreeBSD.
> >
> > su-2.05b# uname -a
> > FreeBSD monsterjam.org 4.8-RC FreeBSD 4.8-RC #0: Mon Mar 10 16:54:44
> >
> > su-2.05b# nmap -sU 10.1.1.10
> >
> > Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
> > sendto in send_udp_raw: sendto(3, packet, 28, 0, 10.1.1.10, 16) =>
> > Permission denied
> > Sleeping 15 seconds then retrying
> > ^Ccaught SIGINT signal, cleaning up
> > su-2.05b#
> >
> > This is nmap installed from the ports. I have tried it from source and get
> > the same thing. Regular port scans work, though.
> >
> > su-2.05b# nmap 10.1.1.10
> >
> > Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
> > Interesting ports on bush (10.1.1.10):
> > (The 1595 ports scanned but not shown below are in state: closed)
> > Port       State       Service
> > 22/tcp     open        ssh
> > 111/tcp    open        sunrpc
> > 139/tcp    open        netbios-ssn
> > 631/tcp    open        ipp
> > 6000/tcp   open        X11
> > 32771/tcp  open        sometimes-rpc5
> >
> > Nmap run completed -- 1 IP address (1 host up) scanned in 1 second
> > su-2.05b#
> >
> > I emailed Fyodor a few times and got no help.
> > Anyone have any ideas? This used to work fine before 3.0.
>
>
> What firewall are you using and what rules have you created for UDP?
> Using -sU (UDP scan) sends UDP packets, whereas not specifying a switch
> assumes a full connect scan, which uses TCP.
>
> Dru
>
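The diagnosis reached in this thread (UDP refused on the way out by the local firewall while TCP leaves the host) can be checked without nmap. The following is an added example, not code from the thread or from nmap. It assumes ordinary sockets are filtered by the same outbound rules as nmap's raw sends, and the names `classify`, `probe`, `compare` and the `sock_factory` parameter are hypothetical.

```python
import errno
import socket

# EACCES is the "Permission denied" in the nmap output above; some other
# packet filters report a locally dropped packet as EPERM instead.
LOCAL_FILTER = {errno.EACCES, errno.EPERM}
NO_ROUTE = {errno.EHOSTUNREACH, errno.ENETUNREACH}

def classify(err):
    """Turn the errno from sendto()/connect() into a diagnosis (0 = success)."""
    if err in (0, errno.ECONNREFUSED):
        return "left-host"        # packet was emitted; a refusal is still a reply
    if err in LOCAL_FILTER:
        return "blocked-locally"  # kernel refused to send: review firewall rules
    if err in NO_ROUTE:
        return "no-route"
    return "other:" + errno.errorcode.get(err, str(err))

def probe(host, port, kind, sock_factory=socket.socket, timeout=2.0):
    """Send one UDP datagram or attempt one TCP connect; return a diagnosis."""
    sock = sock_factory(socket.AF_INET, kind)
    try:
        sock.settimeout(timeout)
        if kind == socket.SOCK_DGRAM:
            sock.sendto(b"\x00", (host, port))
        else:
            sock.connect((host, port))
        return classify(0)
    except socket.timeout:
        return "no-reply"         # TCP only: silently dropped somewhere on the path
    except OSError as exc:
        return classify(exc.errno)
    finally:
        sock.close()

def compare(host, port, sock_factory=socket.socket):
    """Probe one host over UDP and TCP, mirroring the two nmap runs above."""
    udp = probe(host, port, socket.SOCK_DGRAM, sock_factory)
    tcp = probe(host, port, socket.SOCK_STREAM, sock_factory)
    # The thread's symptom: UDP refused by the local kernel while TCP gets out.
    suspected = udp == "blocked-locally" and tcp != "blocked-locally"
    return {"udp": udp, "tcp": tcp, "udp_rule_suspected": suspected}

if __name__ == "__main__":
    print(compare("10.1.1.10", 22))  # target and open port taken from the thread
```

A result with `udp_rule_suspected` set to true points at the outbound UDP rules of the local ruleset rather than at nmap or the target.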