I'm trying to learn pentesting, and one thing that triggers me for my workshop is:

I have an IP address where the reason for all ports is no-response and the status of all ports is filtered, but when I re-run the same command with nmap (TCP packet), the reason for a few ports turns into host-unreachable while all ports stay filtered, for the exact same machine!

My command: nmap -Pn -n @ip_add

If there is a firewall, it should give me the same answer (deterministic), but that's not the case, so I was wondering what the origin can be, please? Do you have any hints?

1 Answer

> If there is a firewall, it should give me the same answer (deterministic) but that's not the case

Firewalls may be stateful. For example, iptables may be configured to reject the request with host-unreachable by doing -j REJECT --reject-with icmp-host-unreachable if a rate-limiting condition such as -m recent --update --seconds 3600 --hitcount 5 is met.

In your case it is possible that the firewall is configured similarly to detect many port scanning requests and reject with ICMP port unreachable.

You can try to use a more cautious timing template, such as nmap -T2 (nmap -T polite), and see if it avoids triggering the rate limit. See the nmap documentation for details.
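Added example (not part of the original answer): a small Python model of the stateful rule described above, showing why the same probes get a different reason on a later run while the port state stays filtered. The companion `-m recent --set` rule, the default DROP policy, the source address, the port list and the timings are assumptions made for the illustration.

```python
# Model of an assumed ruleset (only rule 1 is quoted in the answer):
#   1. -m recent --update --seconds 3600 --hitcount 5
#        -j REJECT --reject-with icmp-host-unreachable
#   2. -m recent --set        (assumed: records the source, no verdict)
#   policy DROP               (assumed: silent drop -> nmap "no-response")
SECONDS, HITCOUNT = 3600, 5

# nmap reports the same port state for both outcomes; only the reason differs.
NMAP_STATE = {"no-response": "filtered", "host-unreachable": "filtered"}


class RecentFirewall:
    def __init__(self):
        self.seen = {}  # source address -> timestamps of recent packets

    def handle(self, src, now):
        """Return the nmap 'reason' one probe from src would produce at time now."""
        recent = [t for t in self.seen.get(src, []) if now - t < SECONDS]
        # Rule 1 matches once HITCOUNT packets were seen inside the window.
        # On a match --update also refreshes the entry; otherwise rule 2 (--set)
        # records the packet. Either way the timestamp is stored.
        self.seen[src] = recent + [now]
        return "host-unreachable" if len(recent) >= HITCOUNT else "no-response"


def scan(fw, src, ports, start, gap=0.1):
    """Send one probe per port and return (port, state, reason) tuples."""
    results = []
    for i, port in enumerate(ports):
        reason = fw.handle(src, start + i * gap)
        results.append((port, NMAP_STATE[reason], reason))
    return results


if __name__ == "__main__":
    fw = RecentFirewall()
    ports = [22, 80, 443, 3389]          # constructed sample port list
    src = "192.0.2.10"                   # constructed scanner address
    for label, start in (("run 1", 0), ("run 2", 60), ("run 3", 10000)):
        print(label, scan(fw, src, ports, start))
```

Run 2 starts inside the 3600-second window, so the counter carried over from run 1 trips the REJECT rule; run 3 starts after the window has expired and sees silent drops again.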