My Sophos XG has 4 networks:
- 192.168.3.0/24: Guest network, variable devices
- 192.168.4.0/24: Internal net, at most 30 devices
- 192.168.5.0/24: Internal too, mostly VMs and 2 physical PCs
- 192.168.6.0/24: Test network, 0 IPs used besides the Sophos Interface on 192.168.6.1
I got a host on 192.168.5.7 which has Nmap installed.
I just performed a scan:
Test 1: Command: nmap -sn 192.168.5.0/24
Result: Nmap done: 256 IP addresses (9 hosts up) scanned in 2.32 seconds - This is correct.
Test 2: Command: nmap -sn 192.168.4.0/24
Result: Nmap done: 256 IP addresses (253 hosts up) scanned in 1.36 seconds
Test 3: Command used: nmap -sn 192.168.255.0/24
Result: Nmap done: 256 IP addresses (256 hosts up) scanned in 0.09 seconds
How does this work? I have NO hosts on 192.168.255.0/24.. it's not even connected to the XG..
192.168.4.0/24 has 253 hosts up where there should be 20 at most.
The UTM 9 did NOT do this and would show hosts properly offline.
What does the Sophos XG do? Reply for hosts that are not there? How can I disable this behaviour?
If I run nmap I want the honest results and see which hosts are available and which are not.