Nmap stops on windows server
Results 1 to 8 of 8

Thread: Nmap stops on windows server

  1. #1
    Junior Member
    Join Date
    May 2003
    Posts
    3

    Nmap stops on windows server

    There is this web server - It uses ASP so it must be a windows server. It is impossible for me to portscan it with nmap. Every time nmap stops at some point... I have tried every option. It doesn't reply ICMP echo requests. Its probably using a firewall. Any idea which firewall it is or how I can get some results from nmap ?
    Thanks for any help
    --
    (Space available for rent-- contact
    000-oblivion)

  2. #2
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    This server doesn't really sound like it is yours to be scanning with NMap the way you have phrased this. You have to also understand that packets emanating from NMap are usually quite recognizable thus it could be blocked/dropped/reset by any number of applicatons or devices.

    My best advice to you is to call the admin of the server and ask him what OS/version/web server/patch level/open ports/firewall and workable exploits he uses/allows and see what he says. It might be quicker that way........
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  3. #3
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207

    Re: Nmap stops on windows server

    Originally posted here by jabbajabba
    [B]There is this web server - It uses ASP so it must be a windows server.
    A flawed assumption, but i'll let you continue.

    It is impossible for me to portscan it with nmap. Every time nmap stops at some point... I have tried every option...
    Are you sure you're being patient enough?

    Why not ask the sysadmin what the network configuration is? I'm sure they would oblige if you have a legitimate reason for scanning it.

    If you're doing pen testing, then it might make you look a bit silly though

    Slarty

  4. #4
    Deceased x acidreign x's Avatar
    Join Date
    Jul 2002
    Posts
    455
    it's relatively easy to block all icmp packet requests, there are other methods of scanning, though, look up port scanning, that is another method of finding live hosts. by scanning for common ports on every potential address, you can accurately determine which hosts are alive.
    :q :q! :wq :w :w! :wq! :quit :quit! :help help helpquit quit quithelp :quitplease :quitnow :leave :**** ^X^C ^C ^D ^Z ^Q QUITDAMMIT ^[:wq GCS,M);d@;p;c++;l++;u ++ ;e+ ;m++(---) ;s+/+ ;n- ;h* ;f+(--) ;!g ;w+(-) ;t- ;r+(-) ;y+(**)

  5. #5
    Junior Member
    Join Date
    Jul 2002
    Posts
    18
    Tarpit can mess with ports scanning... And some configuration on firewall can slow your ports scanning to a craw. Be patient, that can be a very slow process. If you want to know what is happening, sniff with tcpdump what nmap do.

  6. #6
    Junior Member
    Join Date
    May 2003
    Posts
    3
    Thanks for the replies.. I left my ego and asked the sysadmin who is a friend- he didnt tell me the firewall he was using (gave me some time to guess) but told me it specifically blocked connections and packets from nmap (didnt tell me how it did that either) .
    Thanks

    BTW slarty, I know there are a couple of ASP implementations on Linux including a perl module but are they as good as the one on windows ? I mean they cant do the .net things.
    --
    (Space available for rent-- contact
    000-oblivion)

  7. #7
    Senior Member
    Join Date
    Apr 2002
    Posts
    1,050
    If you are doing pen testing a open port doesent mean there is an exploitable service running on it you should leave the port scan and start focusing on web apps here is a good link to Web Application security if it doesent satify you're apetite pick a subject from there and focus on it most stuff isnt hard to learn. Also if you are on linux fireup tcpdump when you're scanning see what's going on with the packets there is also windump for windows
    By the sacred **** of the sacred psychedelic tibetan yeti ....We\'ll smoke the chinese out
    The 20th century pharoes have the slaves demanding work
    http://muaythaiscotland.com/

  8. #8
    Member
    Join Date
    Sep 2002
    Posts
    74
    apache has mod asp, but it isnt as well supported as on IIS, have u tried using http banner grabber from www.gimpcode.com?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •