0phoi5
Posted May 3, 2016

Hey all,

I've been learning nmap for the last week, scanning my own network for practice. I've managed to find open ports on other devices, however when I scan my Windows 10 machine, all ports are always filtered.

I've tried:

- fragmenting the packets with -f
- spoofing my MAC to that of my internet Hub
- slowing down the scan with -T2 and --scan-delay
- turning off PING with -Pn

But nmap always returns that all 1000 ports are filtered. The machine has Windows firewall turned on, but no other firewall software running.

Any ideas?

Thanks,

phpsystems
Posted May 3, 2016

Should there be any open ports? Sounds like the firewall is doing its job.

0phoi5
Posted May 3, 2016

> Should there be any open ports? Sounds like the firewall is doing its job.

It is indeed, which is great! However, I was hoping there was a way to circumnavigate it. My phone, as an example, showed all ports as filtered until I fragmented the packages and slowed down the scan, then it picked up open ports.

Is there no way for me to trick the firewall and see open ports, or stop it from running altogether? Or, if not, how would one go about fingerprinting the OS instead of nmap?

phpsystems
Posted May 3, 2016

p0f does passive fingerprinting. So the Windows 10 machine would need to generate the traffic.

Also, you might want to try some of the other scan types such as Xmas tree and Fin. You could also try the nmap man page, and go through each scan type to see if anything gives a better result.

Bear in mind that sometimes firewalls are completely closed off and another avenue is required.

i8igmac
Posted May 3, 2016 (edited May 3, 2016 by i8igmac)

I would assume the firewall has banned your IP... Try changing your local IP and perform a less aggressive port scan... it should look like normal activity...

IP change in Linux:

    ifconfig wlan0 inet 192.168.0.66
    dhclient wlan0

IP change on winblows:

    ipconfig /release
    ipconfig /renew

Now the nmap scan:

    nmap -O -p 135,139,445 (target ip)

0phoi5
Posted May 4, 2016

Thanks both, I'll have a play tonight and see if I get any luck :)

0phoi5
Posted May 5, 2016

> nmap -O -p 135,139,445 (target ip)

This kind-of worked, it gave me a bit more info, but unfortunately Windows 10 was picked up as an unknown operating system, and it still stated 135, 139 and 445 were filtered.

p0f was a bit better, it advised the fact that it was a Windows machine, but failed to specify version 10.

I'll see what the results look like with Windows firewall turned off, and if the ports suddenly open up, I'll experiment with 'piggy-backing' some code to turn it off, maybe have a play with the SET and Metasploit.

Cheers guys.

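The "filtered" results in this thread come from Windows Firewall silently dropping the probes, and those drops can be seen from the scanned machine's side. The following is an added example, not part of the thread or anyone's post: it reads records in the Windows Firewall log layout (pfirewall.log) and reports sources whose dropped inbound TCP packets span many distinct ports. It assumes dropped-packet logging has been enabled; the sample lines, the 192.168.0.10 target address and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in the pfirewall.log field layout (not data from the thread).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2016-05-03 20:13:40 ALLOW TCP 192.168.0.10 203.0.113.5 49822 443 0 - 0 0 0 - - - SEND
2016-05-03 20:14:01 DROP TCP 192.168.0.66 192.168.0.10 51234 135 44 S 1000 0 1024 - - - RECEIVE
2016-05-03 20:14:01 DROP TCP 192.168.0.66 192.168.0.10 51234 139 44 S 1000 0 1024 - - - RECEIVE
2016-05-03 20:14:02 DROP TCP 192.168.0.66 192.168.0.10 51234 445 44 S 1000 0 1024 - - - RECEIVE
2016-05-03 20:14:02 DROP TCP 192.168.0.66 192.168.0.10 51234 80 44 S 1000 0 1024 - - - RECEIVE
2016-05-03 20:14:03 DROP TCP 192.168.0.66 192.168.0.10 51234 3389 44 S 1000 0 1024 - - - RECEIVE
2016-05-03 20:14:05 DROP TCP 192.168.0.20 192.168.0.10 50112 445 52 S 2000 0 8192 - - - RECEIVE
2016-05-03 20:14:08 DROP TCP 192.168.0.20 192.168.0.10 50113 445 52 S 2001 0 8192 - - - RECEIVE
2016-05-03 20:14:09 DROP UDP 192.168.0.1 192.168.0.10 1900 1900 129 - - - - - - - RECEIVE
"""


def parse_entries(text):
    """Yield one dict per log record, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated records
                yield dict(zip(fields, values))


def scan_sources(text, min_ports=4):
    """Map each source IP to the sorted distinct TCP ports it had dropped
    inbound, keeping only sources that reached min_ports distinct ports."""
    ports = defaultdict(set)
    for e in parse_entries(text):
        if e["action"] == "DROP" and e["protocol"] == "TCP" and e["path"] == "RECEIVE":
            ports[e["src-ip"]].add(int(e["dst-port"]))
    return {ip: sorted(p) for ip, p in ports.items() if len(p) >= min_ports}


if __name__ == "__main__":
    for ip, dropped in scan_sources(SAMPLE_LOG).items():
        print(f"{ip}: {len(dropped)} distinct ports dropped: {dropped}")
```

A host retrying one blocked service (192.168.0.20 in the sample) stays below the threshold, while a source walking across ports is reported.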