mailing list archives
From: "Donald McLachlan" <don_mclachlan () hotmail com>
Date: Tue, 27 Jun 2000 15:24:27 EDT
This is not really an nmap question, but I did use nmap to gather the
basic research provided below, and I feel experienced nmap users
may be able to answer the 2 questions below.
I'm doing some research with the aim of developing a new security
tool. My desire (for now) is to elicit a TCP packet from end systems.
Any old TCP packet from the end system is fine, and in fact if it
returns the same packet whether the port is open or closed, that
might be more palatable to some security minded folks. Therefore I'm
looking at using either an ACK or FIN+ACK or SYN+ACK, or SYN+FIN+ACK
packet; all of which are supposed to elicit an RST packet.
My naive feeling is that from the Internet packets to open ports
have the best chance of reaching end systems. So I did some testing
on a network and I found the top 10 open ports (10 ignoring the
small services) were:
512, 513, 13, 21, 23, 111, 19, 7, 9, 135, 514, 515, 139
Further research revealed that I could reach all the hosts on that
net by looking at just these ports
139, 111, 514, 515
Now my questions: (in your experience ...)
- From the Internet, packets with which TCP flag combinations are
most likely to reach end systems?
- From the Internet, packets to/from which TCP ports are most
likely to reach end systems?
P.S. Yes, I suppose I could use nmap to find the answers to these
questions myself, but that is not the sort of activity I want
to be doing, and I'm sure someone has already done it and knows
P.P.S. (for later) Which udp ports are most reachable from the
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
- TCP questions Donald McLachlan (Jun 27)