Hi everyone! The other day I encountered a problem scanning Windows 11 systems. After the latest update, it began to block all attempts to scan.
Part 1
First, I checked whether the host responded normally ICMP ping to which I received that the host is down. But you could make sure it works using an ARP scan, and besides, I did it on my home PC running Windows 11. After much experimentation with nmap flags -Pn, -dd, -f, -r, --mtu … --data-length … , --ttl … , -sS, -sW, -sA, -PE And others to select the best scanning option. In any scenario I get the answer that all ports are ignored for a --reason “no response”.
Part 2
To monitor on Windows 11, I ran python http.server 80 And lo and behold, the only port 80 began to respond to scans excluding basic ones 139, 137, 445 etc.
Part 3
Finally, I installed Nmap directly on Windows 11 to scan the local host and make sure that the ports were actually open and responding. And then I received a complete list of Windows ports like this 139, 137, 445, 5007 etc.
Part 4
I asked a friend to try this on his Windows 11 system and he got the same result as me
Is it possible to access these ports from outside. To use tools such as smbmap, smbcli, enum4linux etc. Because in such a scenario they do not work.