Jump to content

Problem With Zenmap Scans

Jamo

By Jamo
in Questions

 Share

Recommended Posts

Jamo Newbie

Jamo

Posted
Posted

Im trying to secure my home network. Iv been nmap scanning all computers. Everything works well, but when Im scanning Vista sp1 laptop with F-Secure client security 8 I have problems. when using almost any scan from zenmap menu computer loses internet connection. Its still connected to wlan, but it has no internet connection. Why is that happening.

This problem occurs especially when using any Intense scan, Slow comprehensive scan.

Im doing these scans to try if I can use Armitage to gain access to that computer. The computer is mine, and I have physical access to it, and admin password.

So why zenmap scans blo that computers internet access? Any ideas.

Link to comment
Share on other sites
digip Newbie

digip

Posted
Posted (edited)

Is it when scanning form this machine that has F-secure on it things go wrong, or the machine you are scanning for ports has F-secure on it, and then the machine with F-secure stops responding when another machine tries scanning it with nmap?

Before you scan the machine in question, pull up a cmd prompt and document its ip and arp tables.

ipconfig /all and arp -a

Then do your scan against it and when things go funky, run the same commands and check what happens. I wonder if Windows barfs and loses its connection for the NIC and then defaults to an APIPA address, which would be in the 169.254.0.1-254 range and would no longer see the router in its ARP table, but tell you the nic is still up, which means you would have to restart the NIC, or restart the DHCP service, then restart the NIC to get another IP address.

Forgot to ask, do all the machines have F-Secure on it or just that one? Might be F-Secure doing something to try and block the scan and in turn causing the issue.

Edited by digip
Link to comment
Share on other sites
Jamo Newbie

Jamo

Posted
  • Author
Posted

Either nmap is consuming all the wireless bandwidth (very possible) or the network adapter can't handle what nmap is requesting of it (equally possible).

If I run same scan to my windows 7 computer it has no problems at all. User cant detect that scan.

In case that adapter can't handle it how I could scan that computer with out running to those problems.

All I need for that scan is that it helps Armitage to attack to that computer, which is mine, nothing illegal.

Link to comment
Share on other sites
digip Newbie

digip

Posted
Posted

All I need for that scan is that it helps Armitage to attack to that computer, which is mine, nothing illegal.

You can manually add that machines IP to Armitage, and then try any attacks manually, or use the MSF Scan instead of NMAP scanning. I've scanned machines whos ports didn't show open, but found some attacks that were thrown at the machine still worked, so don't could yourself out just because nmap cant scan it. MSF can enumerate services in other ways than just port scans, so throw the IP into it and then see if you can get it to show any services. You can also wireshark or tcpdump traffic from the network or MITM the machine, to see if there is anything being broadcast by this machine as well, such as the SMB Browser advertisemnet or upnp/ssdp multicast group advertising packets being spread across the network. Vista and 7 tend to be very noisy in that regard and often helps in identifying them on a network you are monitoring packets on.

Link to comment
Share on other sites
Jamo Newbie

Jamo

Posted
  • Author
Posted

Is it when scanning form this machine that has F-secure on it things go wrong, or the machine you are scanning for ports has F-secure on it, and then the machine with F-secure stops responding when another machine tries scanning it with nmap?

Im scanning from ubuntu 10.10 and target is vista, that has F-Secure (client security 8, if I remember correctly) installed.

Forgot to ask, do all the machines have F-Secure on it or just that one? Might be F-Secure doing something to try and block the scan and in turn causing the issue.

That Vista and Win7 has same version of F-Secure installed. With W7 its ok, but with Vista I have troubles.

Actually that Vista machine has been a real pain in the ass, for example I have a NAS, but that Vista just cant see it. Workgroup was correct, but It just couldn't

see that NAS. After 3 hours of configuring I got it working. Don't know what was wrong but now that works.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...