nmap icon indicating copy to clipboard operation
nmap copied to clipboard
verified publisher icon nmap

Recent version of 'nmap -S <IP>' fail with 'setup_target: failed to determine route to <IP>'. It works on an older version

Open tom-crane opened this issue 1 year ago • 3 comments

Describe the bug

This command,

nmap -e eth0 -S <source IP> -Pn -p 80,443 <webserver hostname>

works as expected using nmap-5.51. The command is run on a server on a network which has a border firewall. The webserver is on the outside of the firewall. By default all packets are dropped on the firewall. The server has rules on the firewall granting it access to the webserver etc. The motivation is to check the firewall is working and its ruleset is intact. The Source IP address is for an unused IP on the same network as the server. That IP has no access through the firewall.

The same command on the same server fails with nmap-7.92 fails with

setup_target: failed to determine route to webserver IP

To Reproduce Command as above

Expected behavior The webserver ports are reported as filtered showing the firewall ruleset is working. This works with nmap-5.51, giving,

PORT STATE SERVICE 80/tcp filtered http 443/tcp filtered https

Version info (please complete the following information):

  • OS: Alma9 linux, kernel 5.14.0-427.40.1.el9_4.x86_64
  • Output of nmap --version:

./nmap --version

Nmap version 5.51 ( http://nmap.org )

nmap --version

Nmap version 7.92 ( https://nmap.org ) Platform: x86_64-redhat-linux-gnu Compiled with: nmap-liblua-5.3.5 openssl-3.0.7 libz-1.2.11 libpcre-8.44 libpcap-1.10.0 nmap-libdnet-1.12 ipv6 Compiled without: libssh2 Available nsock engines: epoll poll select

NB: nmap-5.51 was built from source with './configure --without-openssl --without-zenmap' without which this old version would not build under Alma9.

  • Output of nmap --iflist NB: Other interfaces for other networks not included and IPs obfuscated for privacy.

nmap --iflist

Starting Nmap 7.92 ( https://nmap.org ) at 2024-10-25 19:27 BST INTERFACES DEV (SHORT) IP/MASK TYPE UP MTU MAC lo (lo) 127.0.0.1/8 loopback up 65536 lo (lo) ::1/128 loopback up 65536 eth0 (eth0) 123.123.129.45/22 ethernet up 1500 52:54:00:00:00:00

ROUTES DST/MASK DEV METRIC GATEWAY 123.123.128.0/22 eth0 100 0.0.0.0/0 eth0 100 123.123.128.4 ::1/128 lo 0

Additional context An explicit but IP/hostname obfuscated example command,

nmap -e eth0 -S 123.123.129.67 -Pn -p 80,443 www.ourdomain.ac.uk Starting Nmap 7.92 ( https://nmap.org ) at 2024-10-25 19:44 BST setup_target: failed to determine route to www.ourdomain.ac.uk(123.123.146.64) WARNING: No targets were specified, so 0 hosts scanned. Nmap done: 0 IP addresses (0 hosts up) scanned in 0.09 seconds

Thanks Tom Crane

tom-crane avatar Oct 25 '24 19:10 tom-crane

I thought that something was wrong with the way I use the -S option but appearantly I am not the only one having that issue? Any updates on it?

westsiderz avatar Dec 16 '24 06:12 westsiderz

Any solution yet?

kris8987 avatar Jan 23 '25 02:01 kris8987

No. Afraid not. I have not heard anything back from the developers.

For the one-off need I had for this feature, I build an old version from source and used that.

Regards

Tom Crane

On 23/01/2025 02:10, kris8987 wrote:

Any solution yet?

— Reply to this email directly, view it on GitHubhttps://github.com/nmap/nmap/issues/2955#issuecomment-2608698931, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AA6CWMTDS53Z6X3SXRCJTTD2MBFTHAVCNFSM6AAAAABQT3OLFGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDMMBYGY4TQOJTGE. You are receiving this because you authored the thread.Message ID: @.***>

This email, its contents and any attachments are intended solely for the addressee and may contain confidential information. In certain circumstances, it may also be subject to legal privilege. Any unauthorised use, disclosure, or copying is not permitted. If you have received this email in error, please notify us and immediately and permanently delete it. Any views or opinions expressed in personal emails are solely those of the author and do not necessarily represent those of Royal Holloway, University of London. It is your responsibility to ensure that this email and any attachments are virus free.

tom-crane avatar Jan 23 '25 14:01 tom-crane

hi guys any updates on this ? I tried the old source code and im going thru a dependency hell

Simo-94 avatar Sep 27 '25 21:09 Simo-94

I was still able to build the nmap 5.51 executable under Alma9 (RHEL9 derivative) using,

./configure --without-openssl --without-zenmap

if that helps...

No response yet from the developers to my original post.

tom-crane avatar Sep 29 '25 13:09 tom-crane

I did receive a response from possible developer on reddit who said that it is a regression and he will look into it and also mentioned that version 7.80 doesnt have this issue : https://www.reddit.com/r/nmap/comments/1ns69nb/nmap_failed_to_determine_with_s/

Simo-94 avatar Sep 29 '25 15:09 Simo-94

The fix for #2206 created this side effect in Nmap 7.92 through 7.98. This fix should resolve both issues.

dmiller-nmap avatar Oct 14 '25 21:10 dmiller-nmap