Help answer threads with 0 replies.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 01-18-2007, 10:44 PM   #1
Registered: Jul 2003
Location: Westminser, CO
Distribution: xUbuntu
Posts: 79

Rep: Reputation: 20
Strange nmap results when scanning IP Ranges

Hi, I was just exploring the nmap function that allows you to scan a range of IP's on your network for active IP's. Well, when I scan a using a 24bit mask 255 addresses I get normal results that show my machines that are up/pingable on my network. However, I get a very strange results when I scan beyond the 24 bit mask.. Using a simple 25 bit mask results with TONS of pingable IP's outside my normal network masking.
Seems weird but I noticed this a while back when running this as well. I can ping all these IP's nmap finds but I have no idea what the heck they are??
nmap -sP 10.16.0/23
Host appears to be up.
Host appears to be up.
Host appears to be up.
Host appears to be up.
Host appears to be up.
Host appears to be up.
Host appears to be up.
Host appears to be up.
Host appears to be up.
Host appears to be up.
And the list of pingable IP's goes on and on.... WTF??
Any ideas? Can you run this on your machines and see what the results are? I have standard setup with NATTED router.

Last edited by NuxIT; 01-18-2007 at 10:45 PM.
Old 01-18-2007, 10:49 PM   #2
Registered: Jul 2003
Location: Westminser, CO
Distribution: xUbuntu
Posts: 79

Original Poster
Rep: Reputation: 20
BTW, here's what I get when I run a nmap -O against any of these IP's.. I can't telnet nor run smbclient commands to this IP so I don't know why it reports them as open. Pretty weird huh?
root@nuxbox:~# nmap -O

Starting nmap 3.81 ( ) at 2007-01-18 20:49 EST
Warning:  OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
Interesting ports on
(The 1653 ports scanned but not shown below are in state: closed)
23/tcp   filtered telnet
80/tcp   filtered http
135/tcp  filtered msrpc
136/tcp  filtered profile
137/tcp  filtered netbios-ns
138/tcp  filtered netbios-dgm
139/tcp  filtered netbios-ssn
445/tcp  filtered microsoft-ds
593/tcp  filtered http-rpc-epmap
1720/tcp filtered H.323/Q.931
Device type: broadband router|telecom-misc|switch|hub|remote management|general purpose
Running: Edimax embedded, Nortel embedded, NTT embedded, 3Com embedded, Cisco embedded, Enterasys embedded, HP embedded, Sequent DYNIX
OS details: Edimax BR-6004 broadband router, Nortel CallPilot 100 voicemail system, 3Com Superstack 3 switch, Enterasys switch, HP TopTools remote control card, or Cisco 1538M hub, Sequent DYNIX/ptx 4.4.6 x86

Nmap finished: 1 IP address (1 host up) scanned in 7.650 seconds
Old 01-19-2007, 03:30 AM   #3
Senior Member
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 56
I don't see them opened, they are filtered. Which means a firewall is blocking your request and doesn't want to tell you wether its open or closed. If you scan them from IP X and they say filtered then telneting won't work from this IP X.
For the first question, you are probably hitting a broadcast address (assumption?).


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
OS detection and port scanning without nmap. User Name. Linux - Security 5 09-07-2006 09:42 AM
Configuring servers (apache, sshd) - strange nmap results usg Linux - Networking 5 07-08-2006 01:34 AM
nmap scanning techniques metallica1973 Linux - Security 4 10-24-2005 11:16 PM
Nmap 3.93 scanning problems ? memo007 Linux - Software 1 09-21-2005 06:45 AM
nmap results djcomplex Linux - Software 3 03-20-2004 02:46 PM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 11:48 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration