Este é um bug conhecido que afeta o Nmap no Windows a partir da versão 6. A solução alternativa, como você descoberto, é especificar manualmente a interface correta usando a opção -e .
C:\Windows\system32>nmap --iflist
Starting Nmap 6.01 ( http://nmap.org ) at 2012-08-31 06:51 Central Daylight Time
************************INTERFACES************************
DEV (SHORT) IP/MASK TYPE UP MTU MAC
eth0 (eth0) fe80::797f:b9b6:3ee0:27b8/64 ethernet down 1500 5C:AC:4C:E9:2D:46
eth0 (eth0) 169.254.39.184/4 ethernet down 1500 5C:AC:4C:E9:2D:46
eth1 (eth1) fe80::5c02:7e48:8fbe:c7c9/64 ethernet down 1500 00:FF:3F:7C:7C:2B
eth1 (eth1) 169.254.199.201/4 ethernet down 1500 00:FF:3F:7C:7C:2B
eth2 (eth2) fe80::74e4:1ab7:1b7d:a0d0/64 ethernet up 1500 14:FE:B5:BA:8A:C3
eth2 (eth2) 10.0.0.0.253/24 ethernet up 1500 14:FE:B5:BA:8A:C3
eth3 (eth3) fe80::b03e:ddf5:bb5c:5f76/64 ethernet up 1500 00:50:56:C0:00:01
eth3 (eth3) 169.254.95.118/16 ethernet up 1500 00:50:56:C0:00:01
eth4 (eth4) fe80::b175:831d:e60:27b/64 ethernet up 1500 00:50:56:C0:00:08
eth4 (eth4) 192.168.153.1/24 ethernet up 1500 00:50:56:C0:00:08
lo0 (lo0) ::1/128 loopback up -1
lo0 (lo0) 127.0.0.1/8 loopback up -1
tun0 (tun0) fe80::100:7f:fffe/64 point2point down 1280
tun1 (tun1) (null)/0 point2point down 1280
tun2 (tun2) fe80::5efe:a9fe:5f76/128 point2point down 1280
tun3 (tun3) (null)/0 point2point down 1280
tun4 (tun4) fe80::5efe:c0a8:9901/128 point2point down 1280
tun5 (tun5) fe80::5efe:ac14:fd/128 point2point down 1280
DEV WINDEVICE
eth0 \Device\NPF_{0024872A-5A41-42DF-B484-FB3D3ED3FCE9}
eth0 \Device\NPF_{0024872A-5A41-42DF-B484-FB3D3ED3FCE9}
eth1 \Device\NPF_{3F7C7C2B-9AF3-45BB-B96E-2F00143CC2F7}
eth1 \Device\NPF_{3F7C7C2B-9AF3-45BB-B96E-2F00143CC2F7}
eth2 \Device\NPF_{08116FE5-F0FF-498A-9BF1-515528C57C13}
eth2 \Device\NPF_{08116FE5-F0FF-498A-9BF1-515528C57C13}
eth3 \Device\NPF_{AA83C6CE-AB2E-4764-92D1-CDEAFBA7AD21}
eth3 \Device\NPF_{AA83C6CE-AB2E-4764-92D1-CDEAFBA7AD21}
eth4 \Device\NPF_{D0679889-E9D4-411D-BDC5-F4DDB758E151}
eth4 \Device\NPF_{D0679889-E9D4-411D-BDC5-F4DDB758E151}
lo0 <none>
lo0 <none>
tun0 <none>
tun1 <none>
tun2 <none>
tun3 <none>
tun4 <none>
tun5 <none>
**************************ROUTES**************************
DST/MASK DEV GATEWAY
192.168.153.255/32 eth0
255.255.255.255/32 eth0
255.255.255.255/32 eth0
127.0.0.1/32 eth0
127.255.255.255/32 eth0
255.255.255.255/32 eth0
169.254.95.118/32 eth0
169.254.255.255/32 eth0
10.0.0.0.253/32 eth0
255.255.255.255/32 eth0
10.0.0.0.255/32 eth0
255.255.255.255/32 eth0
192.168.153.1/32 eth0
255.255.255.255/32 eth0
10.0.0.0.0/24 eth0
192.168.153.0/24 eth0
10.10.10.0/24 eth0 10.0.0.0.4
169.254.0.0/16 eth0
127.0.0.0/8 eth0
224.0.0.0/4 eth0
224.0.0.0/4 eth0
224.0.0.0/4 eth0
224.0.0.0/4 eth0
224.0.0.0/4 eth0
224.0.0.0/4 eth0
0.0.0.0/0 eth0 10.0.0.0.1
JMeterX - Eu escrevi dessa maneira na esperança de aumentar a eficácia da resposta, mas essa provavelmente não foi a escolha mais inteligente. IMHO o problema (pode ser um sintoma) é que o nmap escolhe retardadamente a eth0 como a interface de gateway para toda e qualquer rede. Aqui está o resultado:
C:\Windows\system32>nmap 10.0.0.55
Starting Nmap 6.01 ( http://nmap.org ) at 2012-08-31 07:43 Central Daylight Time
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 0.95 seconds
C:\Windows\system32>nmap -e eth2 10.0.0.55
Starting Nmap 6.01 ( http://nmap.org ) at 2012-08-31 07:44 Central Daylight Time
Nmap scan report for esxy5.dionne.net (10.0.0.55)
Host is up (0.00070s latency).
Not shown: 991 filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
427/tcp open svrloc
443/tcp open https
902/tcp open iss-realsecure
5988/tcp closed wbem-http
5989/tcp open wbem-https
8000/tcp open http-alt
8100/tcp open xprint-server
MAC Address: 00:1F:29:59:C7:03 (Hewlett-Packard Company)
Nmap done: 1 IP address (1 host up) scanned in 5.29 seconds
Só para ficar claro, é isso que faz absolutamente nenhum sentido para mim. Para referência, incluí informações semelhantes de um Ubuntu (que funciona normalmente) vm no host afetado abaixo.
Jacked Windows 7
**************************ROUTES**************************
DST/MASK DEV GATEWAY
192.168.153.255/32 eth0
255.255.255.255/32 eth0
255.255.255.255/32 eth0
127.0.0.1/32 eth0
127.255.255.255/32 eth0
255.255.255.255/32 eth0
169.254.95.118/32 eth0
169.254.255.255/32 eth0
10.0.0.0.253/32 eth0
255.255.255.255/32 eth0
10.0.0.0.255/32 eth0
255.255.255.255/32 eth0
192.168.153.1/32 eth0
255.255.255.255/32 eth0
10.0.0.0.0/24 eth0
192.168.153.0/24 eth0
10.10.10.0/24 eth0 10.0.0.0.4
169.254.0.0/16 eth0
127.0.0.0/8 eth0
224.0.0.0/4 eth0
224.0.0.0/4 eth0
224.0.0.0/4 eth0
224.0.0.0/4 eth0
224.0.0.0/4 eth0
224.0.0.0/4 eth0
0.0.0.0/0 eth0 10.0.0.0.1
Trabalhando no Ubuntu VM
root@ubuntu:~# nmap --iflist
Starting Nmap 5.21 ( http://nmap.org ) at 2012-08-31 07:44 PDT
************************INTERFACES************************
DEV (SHORT) IP/MASK TYPE UP MAC
lo (lo) 127.0.0.1/8 loopback up
eth0 (eth0) 172.20.0.89/24 ethernet up 00:0C:29:0A:C9:35
eth1 (eth1) 192.168.225.128/24 ethernet up 00:0C:29:0A:C9:3F
eth2 (eth2) 192.168.150.128/24 ethernet up 00:0C:29:0A:C9:49
**************************ROUTES**************************
DST/MASK DEV GATEWAY
192.168.225.0/0 eth1
192.168.150.0/0 eth2
172.20.0.0/0 eth0
169.254.0.0/0 eth0
0.0.0.0/0 eth0 172.20.0.1
root@ubuntu:~# nmap esxy2
Starting Nmap 5.21 ( http://nmap.org ) at 2012-08-31 07:44 PDT
Nmap scan report for esxy2 (172.20.0.52)
Host is up (0.00036s latency).
rDNS record for 172.20.0.52: esxy2.dionne.net
Not shown: 994 filtered ports
PORT STATE SERVICE
80/tcp open http
427/tcp closed svrloc
443/tcp open https
902/tcp closed iss-realsecure
8000/tcp open http-alt
8100/tcp open unknown
MAC Address: 00:04:23:B1:FA:6A (Intel)
Nmap done: 1 IP address (1 host up) scanned in 4.76 seconds
Este é um bug conhecido que afeta o Nmap no Windows a partir da versão 6. A solução alternativa, como você descoberto, é especificar manualmente a interface correta usando a opção -e .