I think that might be the solution and a very polite way to say RTFM. :-)
As it turns out after further looking, there is some internal NATting going
on of which I was not aware. These machines will show false positives when
you run winmap against the NATted address, but winmap reads properly when
run against the real address. Thanks for the help.

Matt

<snip>
From the nmap man page:

UDP scans: This method is used to determine which UDP
          (User Datagram Protocol, RFC 768) ports are open on a
          host. The technique is to send 0 byte udp packets to
          each port on the target machine. If we receive an ICMP
          port unreachable message, then the port is closed.
          Otherwise we assume it is open.

Therefore, if your hosts are not allowing ICMP in and/or out, you will
get a false positive. Try scanning the machine(s) for all UDP ports
( -p1- is the argument for that on the Unix nmap) and I'll bet you
get a report showing them all open.

-Conor
</snip>

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]