[Semibug] Does a firewall block nmap?

Jonathan Drews jondrews at fastmail.com
Sun Sep 25 15:17:57 EDT 2022 

On Sun, Sep 25, 2022 at 01:08:00PM -0600, Jonathan Drews wrote:
> Hi Folks:
> 
>  Does a firewall block nmap? 
> 
> I have two machines on my local (192.168.1.0/24) network. If I do 
> $ nmap -v 192.168.1.5
> 
> I get:
> Starting Nmap 7.91 ( https://nmap.org ) at 2022-09-25 12:43 MDT
> Initiating Ping Scan at 12:43
> Scanning 192.168.1.5 [2 ports]
> Completed Ping Scan at 12:43, 3.04s elapsed (1 total hosts)
> Nmap scan report for 192.168.1.5 [host down]
> Read data files from: /usr/local/share/nmap
> Note: Host seems down. If it is really up, but blocking our ping
> probes, try -Pn
> Nmap done: 1 IP address (0 hosts up) scanned in 3.15 seconds
> 
> 192.168.1.5 is an Ubuntu laptop guarded by UFW (Uncomplicated
> Firewall). The nmap sacn says the host is down. However if I do:
> 
> $ ping 192.168.1.5
> PING 192.168.1.5 (192.168.1.5): 56 data bytes
> 64 bytes from 192.168.1.5: icmp_seq=0 ttl=64 time=106.297 ms
> 64 bytes from 192.168.1.5: icmp_seq=1 ttl=64 time=332.930 ms
> 64 bytes from 192.168.1.5: icmp_seq=2 ttl=64 time=167.360 ms
> 64 bytes from 192.168.1.5: icmp_seq=3 ttl=64 time=380.937 ms
> ^C
> --- 192.168.1.5 ping statistics ---
> 4 packets transmitted, 4 packets received, 0.0% packet loss
> round-trip min/avg/max/std-dev = 106.297/246.881/380.937/113.427 ms
> My UFW rules are:
> $ sudo ufw status verbose
> Status: active
> Logging: on (low)
> Default: deny (incoming), allow (outgoing), disabled (routed)
> New profiles: skip
> 
> How come ping detects the host and nmap does not detect it?
> 

Never mind. I used an alternative configuration. and it worked.

$ nmap -v -Pn 192.168.1.5
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
Starting Nmap 7.91 ( https://nmap.org ) at 2022-09-25 12:59 MDT
Initiating Parallel DNS resolution of 1 host. at 12:59
Completed Parallel DNS resolution of 1 host. at 12:59, 0.01s elapsed
Initiating Connect Scan at 12:59
Scanning 192.168.1.5 [1000 ports]
Connect Scan Timing: About 15.00% done; ETC: 13:02 (0:02:56 remaining)
Connect Scan Timing: About 30.00% done; ETC: 13:02 (0:02:22 remaining)
Connect Scan Timing: About 45.00% done; ETC: 13:02 (0:01:51 remaining)
Connect Scan Timing: About 59.50% done; ETC: 13:02 (0:01:22 remaining)
Connect Scan Timing: About 74.50% done; ETC: 13:02 (0:00:52 remaining)
Completed Connect Scan at 13:02, 203.02s elapsed (1000 total ports)
Nmap scan report for 192.168.1.5
Host is up.
All 1000 scanned ports on 192.168.1.5 are filtered

It says host is up.

More information about the Semibug mailing list