nmap firewall bypass: error troubleshooting

  • WARNING: RST from port 1 -- is this port really open?

Solution: nmap -v -oA output --scan-delay 0.05 -iL assetsList --max-parallelism 1

or use --max-rate 100 --max-hostgroup 1

  • idle scan zombie .. cannot be used because it has not returned any of our probes -- perhaps it is down or firewalled
Solution: in my case the zombie's port was open, but the traffic between us passed through a firewall. What I did was to choose a zombie located in my own network segment.

To choose the zombie: nmap -v -O target

Check the end of the scan output; you should find a line like:

IP ID Sequence Generation: Incremental

Now you have the zombie. To run the attack, make sure to specify the zombie's open port, as shown below:

nmap -sI zombie:1032 target -Pn

Now the attack should work :)
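Added example (not from the post): a small Python classifier that mimics the "IP ID Sequence Generation" verdict nmap prints, so you can check which hosts on a segment expose a predictable IP ID counter (the ones to fix by enabling IP ID randomization) and see why a host that never answers the probes gives the "cannot be used" error. The thresholds and class names are an assumption, simplified from nmap's heuristic, and the sample sequences are constructed.

```python
from typing import Optional, Sequence

# Constructed sample IP ID sequences, one value per reply to a probe.
# None = no reply (e.g. dropped by a firewall between us and the host).
SAMPLES = {
    "linux_like":  [0, 0, 0, 0, 0, 0],
    "old_windows": [1032, 1033, 1034, 1035, 1036, 1037],
    "wraps":       [65534, 65535, 0, 1, 2, 3],
    "le_windows":  [0x0104, 0x0204, 0x0304, 0x0404, 0x0504, 0x0604],
    "random":      [12001, 50413, 3, 22113, 61004, 9387],
    "firewalled":  [1032, None, None, None, None, None],
}


def ipid_class(ipids: Sequence[Optional[int]]) -> str:
    """Classify an IP ID sequence roughly the way nmap's
    'IP ID Sequence Generation' line does (simplified heuristic, assumption)."""
    replies = [i for i in ipids if i is not None]
    if len(replies) < 2:
        # The symptom from the post: the host "has not returned any of our
        # probes", so nothing can be inferred -- it is down or filtered.
        return "Unknown (host unresponsive or filtered)"
    if all(i == 0 for i in replies):
        return "All zeros"
    # Differences between consecutive replies, modulo the 16-bit IP ID field,
    # so a counter wrapping from 65535 to 0 still looks incremental.
    diffs = [(b - a) % 65536 for a, b in zip(replies, replies[1:])]
    if all(d == 0 for d in diffs):
        return "Constant"
    if all(1 <= d < 10 for d in diffs):
        return "Incremental"
    if all(d % 256 == 0 and 256 <= d < 2560 for d in diffs):
        return "Broken little-endian incremental"
    if all(d < 1000 for d in diffs):
        return "Random positive increments"
    return "Randomized"


def predictable_ipid(ipids: Sequence[Optional[int]]) -> bool:
    """True when the host exposes a global, predictable IP ID counter
    (the classes nmap accepts for -sI) and should be hardened."""
    return ipid_class(ipids) in ("Incremental", "Broken little-endian incremental")


if __name__ == "__main__":
    for name, seq in SAMPLES.items():
        flag = "PREDICTABLE" if predictable_ipid(seq) else "ok"
        print(f"{name:12s} {ipid_class(seq):40s} {flag}")
```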

