Why does nmap ping scan over a VPN link return all hosts alive?

Posted by ewwhite on Server Fault See other posts from Server Fault or by ewwhite
Published on 2012-11-22T20:18:23Z Indexed on 2012/11/23 11:02 UTC
Read the original article Hit count: 535

Filed under:

vpn

|

cisco-vpn

|

icmp

|

nmap

I'm curious as to why running an nmap -sP (ping scan) on a remote subnet linked via a Cisco site-to-site IPSec tunnel returns "host up" status for every IP in the range.

[root@xt ~]# nmap -sP 192.168.108.*
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2012-11-22 14:08 CST
Host 192.168.108.0 appears to be up.
Host 192.168.108.1 appears to be up.
Host 192.168.108.2 appears to be up.
Host 192.168.108.3 appears to be up.
Host 192.168.108.4 appears to be up.
Host 192.168.108.5 appears to be up.
.
.
.
Host 192.168.108.252 appears to be up.
Host 192.168.108.253 appears to be up.
Host 192.168.108.254 appears to be up.
Host 192.168.108.255 appears to be up.
Nmap finished: 256 IP addresses (256 hosts up) scanned in 14.830 seconds

However, a ping of a known-down IP simply times out or doesn't return anything...

[root@xt ~]# ping 192.168.108.201
PING 192.168.108.201 (192.168.108.201) 56(84) bytes of data.

--- 192.168.108.201 ping statistics ---
144 packets transmitted, 0 received, 100% packet loss, time 143001ms

Is there a more effective way to scan live devices connected in this manner?

© Server Fault or respective owner

Related posts about vpn

Problem with setup VPN in Ubuntu Server 12.04

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have a problem with setup VPN server on my Ubuntu VPS, here is my server environments: Ubuntu Server 12.04 x86_64 xl2tpd 1.3.1+dfsg-1 pppd 2.4.5-5ubuntu1 openswan 1:2.6.38-1~precise1 After install software and configuration: ipsec verify Checking your system to see if IPsec got installed and… >>> More
Problem with setup VPN on Ubuntu Server 12.04

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have a problem with setup VPN server on my Ubuntu VPS, here is my server environments: Ubuntu Server 12.04 x86_64 xl2tpd 1.3.1+dfsg-1 pppd 2.4.5-5ubuntu1 openswan 1:2.6.38-1~precise1 After install software and configuration: ipsec verify Checking your system to see if IPsec got installed and… >>> More
l2tp / ipsec debian Openswan U2.6.38 does not connect

as seen on Server Fault - Search for 'Server Fault'
i am trying to get ipsec/l2tp running on a debian server with an iphone as a client but always get: Dec 2 21:00:04 vpn pluto[22711]: packet from <clientip>:43598: received Vendor ID payload [RFC 3947] method set to=115 Dec 2 21:00:04 vpn pluto[22711]: packet from <clientip>:43598: received… >>> More
Setup VPN issue on Ubuntu Server 12.04

as seen on Server Fault - Search for 'Server Fault'
I have a problem with setup VPN server on my Ubuntu VPS, here is my server environments: Ubuntu Server 12.04 x86_64 xl2tpd 1.3.1+dfsg-1 pppd 2.4.5-5ubuntu1 openswan 1:2.6.38-1~precise1 After install software and configuration: ipsec verify Checking your system to see if IPsec got installed and… >>> More
Cannot connect with Cisco VPN but can connect with ShrewSoft VPN

as seen on Server Fault - Search for 'Server Fault'
EDIT: We connected an air card to the computer to use a different Internet connection and using the Cisco software, we were able to successfully connect to our VPN server. I just don't understand why the ShrewSoft VPN client would connect but the Cisco connection won't. I'm not our network admin… >>> More

Related posts about cisco-vpn

Cannot connect with Cisco VPN but can connect with ShrewSoft VPN

as seen on Server Fault - Search for 'Server Fault'
EDIT: We connected an air card to the computer to use a different Internet connection and using the Cisco software, we were able to successfully connect to our VPN server. I just don't understand why the ShrewSoft VPN client would connect but the Cisco connection won't. I'm not our network admin… >>> More
Cisco VPN Connection - No internet no nothing

as seen on Server Fault - Search for 'Server Fault'
Hi all, Sorry if this has been posted, I tried searching but I am not exactly sure what I am looking for, I am a developer not a networking guy. We have a client whom we need to use Cisco VPN client to connect to their servers. I have installed the software, dropped in the provided .pcf file, and… >>> More
Cisco VPN Client dropping connection

as seen on Server Fault - Search for 'Server Fault'
Using Windows XP and Cisco VPN client version 5.0.4.xxx to connect to a remote customer site. We are able to establish the connection and start an RDP session, but within 1-2 minutes the connection drops and the VPN connection disconnects. The PC making the connection is on a DMZ which is NATed… >>> More
64-bit Cisco VPN client (IPsec) ?

as seen on Server Fault - Search for 'Server Fault'
Cisco VPN client (IPsec) does not support 64bit Windows. Worse, Cisco does not even plan to release a 64-bit version, instead they say that "For x64 (64-bit) Windows support, you must utilize Cisco's next-generation Cisco AnyConnect VPN Client." Cisco VPN Client Introduction Cisco VPN Client FAQ But… >>> More
How to allow local LAN access while connected to Cisco VPN?

as seen on Super User - Search for 'Super User'
How can I maintain local LAN access while connected to Cisco VPN? When connecting using Cisco VPN, the server has to ability to instruct the client to prevent local LAN access. Assuming this server-side option cannot be turned off, how can allow local LAN access while connected with a Cisco VPN… >>> More