Ping Scan over VPN gives incorrect "256 IP addresses up" Result

VPN between "home" (NSA 3600 latest firmware) and "remote" (SOHO250W latest firmware). "Remote" is known to have 15 active IP addresses.

When using any 'bulk tool' like Zenmap to just do a ping scan, the return is "256 IPs UP" when that is known to be untrue. Also, to have 256 IPs be up would include the lowest (network) and highest (Bcast), so that's an issue too. These results are incorrect.

This issue also seems to come into play when we use scripts to manage the remote workstations. While we can connect to the workstations one-at-a-time, attempting to do this programmatically using multiple threads (i.e. going fast to multiple targets) fails.

Any help would be appreciated, thanks!

Chumley

Category: Mid Range Firewalls

Best Answers

  • CORRECT ANSWER
    TKWITS All-Knowing Sage ✭✭✭✭
    Accepted Answer

    Are you sure the ping scan is going over the tunnel? What subnets are you using? Have you tried a different ping scan product (e.g. Angry IP Scanner)?

  • CORRECT ANSWER
    FP_Chum Newbie ✭
    Accepted Answer

    TKWITS,

    Thanks for this, it put me on the right path. I didn't realize that Zenmap's default 'ping' is really a combo of ICMP Echo Request and "an out of sync ack request". When I separated it and used only ICMP echo requests, I got the true results. When I then used only the 'out of sync ack' method in Zenmap, I got the "all hosts up". This makes sense because stateful inspection should balk at anything 'out of sync' and reply to the sender with a 'reset'. As Zenmap thinks any reply to the out-of-sync-ack is the host showing it is 'up', I get 'all hosts up' as a result.

    This fixed it for me, thanks!


    FP_Chum
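
The diagnosis in the accepted answer can be checked from the scan output itself. The following is an added example, not code from the thread: it reads nmap's XML output (`-oX`) and separates hosts marked up by an ICMP echo reply from hosts marked up only by a TCP reset, which is the reply a stateful firewall in the path can send on a host's behalf. The subnet, addresses and XML sample are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample in the shape of `nmap -sn -oX -` output (not from the thread).
# reason="reset" means a TCP RST answered the ACK probe; "echo-reply" means ICMP.
SAMPLE_XML = """<nmaprun>
<host><status state="up" reason="reset" reason_ttl="64"/><address addr="10.0.5.0" addrtype="ipv4"/></host>
<host><status state="up" reason="echo-reply" reason_ttl="127"/><address addr="10.0.5.10" addrtype="ipv4"/></host>
<host><status state="up" reason="reset" reason_ttl="64"/><address addr="10.0.5.11" addrtype="ipv4"/></host>
<host><status state="up" reason="echo-reply" reason_ttl="127"/><address addr="10.0.5.20" addrtype="ipv4"/></host>
<host><status state="up" reason="reset" reason_ttl="64"/><address addr="10.0.5.255" addrtype="ipv4"/></host>
</nmaprun>"""


def classify_hosts(xml_text, cidr):
    """Group 'up' hosts by the kind of reply that made the scanner mark them up."""
    net = ipaddress.ip_network(cidr)
    result = {"confirmed": [], "reset_only": [], "impossible": []}
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        addr_el = host.find("address[@addrtype='ipv4']")
        if status is None or addr_el is None or status.get("state") != "up":
            continue
        addr = ipaddress.ip_address(addr_el.get("addr"))
        if addr in (net.network_address, net.broadcast_address):
            # No workstation owns these addresses, so something else replied.
            result["impossible"].append(str(addr))
        elif status.get("reason") == "reset":
            # Up only because of a RST: may be the firewall, not the host.
            result["reset_only"].append(str(addr))
        else:
            result["confirmed"].append(str(addr))
    return result


def firewall_answering(result):
    """True when the network or broadcast address was reported as up."""
    return bool(result["impossible"])


if __name__ == "__main__":
    groups = classify_hosts(SAMPLE_XML, "10.0.5.0/24")
    for name, addrs in groups.items():
        print(f"{name}: {addrs}")
    print("intermediate device answering probes:", firewall_answering(groups))
```

Hosts in `reset_only` should be re-checked with an ICMP-only discovery scan (`-sn -PE`) before they are counted as live.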
