Important Notice: Our web hosting provider recently started charging us for additional visits, which was unexpected. In response, we're seeking donations. Depending on the situation, we may explore different monetization options for our Community and Expert Contributors. It's crucial to provide more returns for their expertise and offer more Expert Validated Answers or AI Validated Answers. Learn more about our hosting issue here.

Im having trouble port scanning a stealthed host from behind NAT, why?

host NAT port scanning stealthed
0
Posted

Im having trouble port scanning a stealthed host from behind NAT, why?

0 CommentsAdd a Comment

1 Answer

0

This is because each probe you send out causes the creation of a new NAT table entry, and the number of entries that can be stored in the table is finite. Since your probes are not receiving closed port replies (RST for TCP and ICMP type 3, code 3 for UDP), the entries remain in the table until their prescribed timeout period has elapsed. When the table becomes full, the router is forced to drop subsequent probes. This means that the results of your scan will be false since probes that are sent when the table is full will not make it to the target host and will result in a “filtered” or “stealth” (or perhaps “open” in the case of UDP) report regardless of the state of the port they were directed at. To combat this you can set a shorter table timeout for the protocol of interest if your device allows for this and send your probes slower if your scanner allows you to. You could also try asking the administrator of the target host to temporarily “un-stealth” his firewall. You do know the

0 CommentsAdd a Comment

Related Questions

What is your question?

*Sadly, we had to bring back ads too. Hopefully more targeted.