nmap from the internet

howdy kids

so im doing a network assessment for a client and i just happened to notice something. I was ping sweeping (-sP) a /20 netrange from an outside host i normally work on, and I noticed that i got huge fluctuations in the hosts that responded... so I turned the throttling down to -T2 to see what the change would be, and I still got huge fluctuation of up/down hosts.

I tried from a few other hosts I have access to, and they all experienced the same symptom. Anywhere from 30-200 hosts would come back as up... except for one a friend of mine has. I repeatedly get the same amount of live hosts from that box. I switched to a port sweep, and it's the same symptom with all the boxes except for that one... huge fluctuations of up/down hosts on each scan. I confirmed with the client that list I gathered from the exceptional box is very accurate.

what confuses me is the large amount of fluctuation I received... the first thing I would consider are the iptables on each machine i scanned from, however that doesn't explain the changes I'd see in scans ten minutes apart.

any ideas why one host would be totally reliable and the rest would fluctuate?

hmm... that is odd. it would appear that the most logical explanation is going to be a problem in your route between your toolboxes and your targets. have you compared differences in the hops between the one that fluctuates and the one that doesn't?