AnsweredAssumed Answered

Network Mapping - TCP RST

Question asked by ilouvatar on May 27, 2014
Latest reply on May 28, 2014 by ilouvatar


Hello All,

 

I need your assistance here. I ran a network mapping against a domain which included a few subnets. The scanner appliance was in one of them.

 

The mapping returned a huge number of hosts/instances discovered only by TCP RST. Thoses instances do not appear to have any DNS or Netbios Hostname or any OS identified.

 

Before ignore them completely, I thought it would be wise to raise this here so I fully understand what those instances are and basically what it means to discover something only by TCP RST? Is it something truly there or is it a false positive?

 

Then, I would like to understand whether that TCP RST discovery method is the last discovery method attempted by Network Mapping or not? That would help me understand whether Qualys scanner dropped its discovery methods after receiving that TCP RST packet or it continued with the rest ones as normal as per the scanning profile (Initial Options (Default)).

 

I hope my questions are comprehensive enough.

 

Thank you in advance.

Outcomes