Why does nmap ping scan over a VPN link return all hosts alive?

Posted by ewwhite on Server Fault
Published on 2012-11-22T20:18:23Z Indexed on 2012/11/23 11:02 UTC

I'm curious as to why running an nmap -sP (ping scan) on a remote subnet linked via a Cisco site-to-site IPSec tunnel returns "host up" status for every IP in the range.

[root@xt ~]# nmap -sP 192.168.108.*
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2012-11-22 14:08 CST
Host 192.168.108.0 appears to be up.
Host 192.168.108.1 appears to be up.
Host 192.168.108.2 appears to be up.
Host 192.168.108.3 appears to be up.
Host 192.168.108.4 appears to be up.
Host 192.168.108.5 appears to be up.
.
.
.
Host 192.168.108.252 appears to be up.
Host 192.168.108.253 appears to be up.
Host 192.168.108.254 appears to be up.
Host 192.168.108.255 appears to be up.
Nmap finished: 256 IP addresses (256 hosts up) scanned in 14.830 seconds

However, a ping of a known-down IP simply times out or doesn't return anything...

[root@xt ~]# ping 192.168.108.201
PING 192.168.108.201 (192.168.108.201) 56(84) bytes of data.

--- 192.168.108.201 ping statistics ---
144 packets transmitted, 0 received, 100% packet loss, time 143001ms

Is there a more effective way to scan live devices connected in this manner?
