What's wrong?

Post by Nerdz »

A friend of mine keeps showing his IP on his MSN... I warned him that people could scan him and blablabla... and he told me it was all bullshit. So as far as I know, I took his IP and tried to scan him with nmap -v -sS -o [ip] and it said maybe the host is down...

The host can't be down because at the same time I was on his TeamSpeak server... So I tried to ping his IP and no response...

Post by bad_brain »

Firewall, mate.... :wink:
A SYN scan is recognized by most packet filters, even if it's half-open (-sS).
Same with the ping, the packets simply get "swallowed" by the packet filter and no response is sent.
Try different methods like FIN (-sF), Xmas-Tree (-sX) or Null scans (-sN) if he's using a *nix OS (they don't work for MS, but I'm not 100% sure about that).
For a MS OS you can try a simple ping scan (-sP), nmap is using different ping methods: If the normal ICMP packet is swallowed by the firewall it sends a TCP datagram with the ACK flag set which causes the target system to send a RST back, and if that still doesn't work it sends a SYN datagram which "waits" for a RST or SYN/ACK.
Another interesting option would be an ACK scan (-sA), you must notice that only the ports which are not displayed in the scan result are the unfiltered ("open") ones.
nmap is a real nice program, but far too extensive to explain all possible scan options here, so the best would be to set up a home network and do some scans with enabled/disabled firewalls so you can experiment a bit and get experience.... :wink:

Oh, and you're right: It is not a good idea to display your IP to others IMO, and even if it's not possible to hack into the system it opens possibilities for other stuff like flood attacks for example...

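Seen from the receiving end, the probe types named in the reply above are told apart by their TCP flag bits. The following is an added example, not part of the original thread: it labels constructed packet records by flag combination, and the log line format and the threshold of five distinct ports are assumptions made for illustration.

```python
import re
from collections import defaultdict

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Flag combinations that never occur in a normal TCP conversation
# (after the first SYN, every legitimate segment carries ACK).
ABNORMAL = {0x00: "null", FIN: "fin", FIN | PSH | URG: "xmas"}
# Normal one at a time, suspicious when spread over many ports. A stateless
# view cannot tell a stray ACK from a reply, hence the port threshold.
VOLUME = {SYN: "syn", ACK: "ack"}

# Hypothetical log format: "<src> -> <dst>:<port> flags=0x<hex>"
LINE = re.compile(r"(?P<src>\S+) -> (?P<dst>\S+):(?P<port>\d+) flags=(?P<flags>0x[0-9a-fA-F]+)")

def classify(flags):
    """Return (probe_name, is_abnormal) for a TCP flags byte, or None."""
    flags &= 0x3F  # ignore the ECN bits (ECE, CWR)
    if flags in ABNORMAL:
        return ABNORMAL[flags], True
    if flags in VOLUME:
        return VOLUME[flags], False
    return None

def detect(lines, port_threshold=5):
    """Return {source: sorted probe names} for sources that look like scanners."""
    ports = defaultdict(set)      # (src, probe) -> distinct destination ports
    findings = defaultdict(set)
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue              # not a packet record
        hit = classify(int(m["flags"], 16))
        if hit is None:
            continue              # e.g. SYN/ACK, PSH/ACK: ordinary traffic
        name, abnormal = hit
        key = (m["src"], name)
        ports[key].add(int(m["port"]))
        if abnormal or len(ports[key]) >= port_threshold:
            findings[m["src"]].add(name)
    return {src: sorted(names) for src, names in findings.items()}

# Constructed sample records (documentation address ranges only).
SAMPLE = (
    [f"198.51.100.7 -> 192.0.2.10:{p} flags=0x02" for p in (21, 22, 23, 80, 443)]
    + ["198.51.100.7 -> 192.0.2.10:25 flags=0x29",   # FIN+PSH+URG
       "203.0.113.4 -> 192.0.2.10:443 flags=0x02",   # one ordinary SYN
       "203.0.113.4 -> 192.0.2.10:443 flags=0x10",   # one ordinary ACK
       "203.0.113.9 -> 192.0.2.10:80 flags=0x00"]    # no flags set
)
```

Calling `detect(SAMPLE)` reports the first source for the multi-port SYN sweep and the Xmas packet, the third for the flagless packet, and leaves the ordinary client alone.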