[Semibug] Does a firewall block nmap?
Jonathan Drews
jondrews at fastmail.com
Sun Sep 25 15:07:57 EDT 2022
Hi Folks:
Does a firewall block nmap?
I have two machines on my local (192.168.1.0/24) network. If I do
$ nmap -v 192.168.1.5
I get:
Starting Nmap 7.91 ( https://nmap.org ) at 2022-09-25 12:43 MDT
Initiating Ping Scan at 12:43
Scanning 192.168.1.5 [2 ports]
Completed Ping Scan at 12:43, 3.04s elapsed (1 total hosts)
Nmap scan report for 192.168.1.5 [host down]
Read data files from: /usr/local/share/nmap
Note: Host seems down. If it is really up, but blocking our ping
probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.15 seconds
192.168.1.5 is an Ubuntu laptop guarded by UFW (Uncomplicated
Firewall). The nmap sacn says the host is down. However if I do:
$ ping 192.168.1.5
PING 192.168.1.5 (192.168.1.5): 56 data bytes
64 bytes from 192.168.1.5: icmp_seq=0 ttl=64 time=106.297 ms
64 bytes from 192.168.1.5: icmp_seq=1 ttl=64 time=332.930 ms
64 bytes from 192.168.1.5: icmp_seq=2 ttl=64 time=167.360 ms
64 bytes from 192.168.1.5: icmp_seq=3 ttl=64 time=380.937 ms
^C
--- 192.168.1.5 ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 106.297/246.881/380.937/113.427 ms
My UFW rules are:
$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
How come ping detects the host and nmap does not detect it?
--
Kind regards,
Jonathan
More information about the Semibug
mailing list