Ping Scan over VPN gives incorrect "256 IP addresses up" Result
VPN between "home" (NSA 3600 latest firmware) to "remote" (SOHO250W latest firmware). "Remote" is known to have 15 active IP addresses.
When using any 'bulk tool' like Zenmap to just a ping scan the return is "256 IPs UP" when that is known to be untrue. Also, to have 256 IPs be up would include the lowest (network) and highest (Bcast) so that's an issue too. these results are incorrect.
This issue also seems to come into play when we use scripts to manage the remote workstations. While we can connect to the workstations on-at-a-time, and attempt tp do this programmatically using multiple threads (i.e. going fast to multiple targets) fails.
any help would be appreciated, thanks!
Chumley
Best Answers
-
TKWITS Community Legend ✭✭✭✭✭
Are you sure the ping scan is going over the tunnel? What subnets are you using? Have you tried a different ping scan product (e.g. Angry IP Scanner)?
1 -
FP_Chum Newbie ✭
TKWITS,
Thanks for this, it put me on the right path. I didn't realize that Zenmap's default 'ping' is really a combo of ICMP Echo Request and "an out of sync ack request". When I separated it and used only ICMP echo requests, I got the true results. When I then used only the 'out of sync ack" method in Zenmap, I got the "all hosts up". This makes sense because stateful inspection should balk at anything 'out of sync' and reply to the sender with a 'reset'. As Zenmap thinks any reply to the out-of-sync-ack is the host showing it us 'up', I get 'all hosts up" as a result.
This fixed it for me, thanks!
FP_Chum
0