That is correct. I noticed every try to do an OS detection with
nmap failed for incredibly strange reasons reported by nmap,
like no route to host even though the target was on the same
subnet. Nmap can't even ping on OpenBSD. At least not since 4.7.
And so I went on to really read the CAUTION message.
I very much need the pf enabled as I nat with it, so disabling
it is not an option.
I will try your suggestion, Joachim, and get back.
On Mon, 7 Mar 2011 11:42:26 +0100, Joachim Schipper wrote:
On Mon, Mar 07, 2011 at 11:34:50AM +0100, Daniel Gracia wrote:
On 07/03/2011 10:54, Henrik Engmark wrote:
>Is there a way, good or bad, to relax pf enough to let nmap do its OS
>detection?
>I am on 4.8.
>
Way too vague question; you should at least describe the scenario.
I'm pretty certain he's just read /usr/ports/net/nmap/pkg/MESSAGE:
---
CAUTION!!! Using nmap with `-O' flag under OpenBSD machine with pf
enabled might hang nmap. It's caused by properly working pf which
will filter out all weird ip header flags sent by nmap.
---
But yes, if my earlier message isn't sufficient some clarification
would be welcome.
Joachim