nmap shows active microcontrollers

All ESP8266 boards running MicroPython.
Official boards are the Adafruit Huzzah and Feather boards.
Target audience: MicroPython users with an ESP8266 board.
Post Reply
jimako
Posts: 14
Joined: Fri Dec 23, 2016 6:36 pm

nmap shows active microcontrollers

Post by jimako » Wed May 09, 2018 2:05 pm

Doing a scan using nmap an ESP is discoverable. I was wondering if anyone can shed some light on why this happens. The ESP is configured as STA_IF and AP_IF is disabled.

Code: Select all

ap_if = network.WLAN(network.AP_IF)
sta_if = network.WLAN(network.STA_IF)

ap_if.active(False)
sta_if.active(True)
The nmap command is:

Code: Select all

nmap -sS 192.168.0.0/24
Why do the ESP respond? Thanks.

User avatar
kfricke
Posts: 342
Joined: Mon May 05, 2014 9:13 am
Location: Germany

Re: nmap shows active microcontrollers

Post by kfricke » Wed May 09, 2018 10:53 pm

Following the code example you are posting your station interface is set to be active (True).

jimako
Posts: 14
Joined: Fri Dec 23, 2016 6:36 pm

Re: nmap shows active microcontrollers

Post by jimako » Thu May 10, 2018 12:32 pm

kfricke wrote:
Wed May 09, 2018 10:53 pm
Following the code example you are posting your station interface is set to be active (True).
Yes, it is set to active so that I can connect to the network. Does that mean that it should also be discoverable (respond to requests) with nmap?

Thanks.
Last edited by jimako on Thu May 10, 2018 4:13 pm, edited 2 times in total.

User avatar
kfricke
Posts: 342
Joined: Mon May 05, 2014 9:13 am
Location: Germany

Re: nmap shows active microcontrollers

Post by kfricke » Thu May 10, 2018 3:34 pm

You’re are using TCP SYN scan technique of nmap. It can even detect a device with no open port like your ESP.

So yes it can see the device in this state. The ESP network interface should be disabled to deactivate the device detection.

jimako
Posts: 14
Joined: Fri Dec 23, 2016 6:36 pm

Re: nmap shows active microcontrollers

Post by jimako » Thu May 10, 2018 7:23 pm

kfricke wrote:
Thu May 10, 2018 3:34 pm
You’re are using TCP SYN scan technique of nmap. It can even detect a device with no open port like your ESP.

So yes it can see the device in this state. The ESP network interface should be disabled to deactivate the device detection.
I see. Thank you for the explanation.

Post Reply