Fyodor wrote:
> On Fri, Nov 22, 2002 at 11:52:35PM -0800, Florin Andrei wrote:
>
> >That's why i think it would be useful to have an option to mark
> >unresponsive UDP ports as "filtered", just the same as the ports that
> >send back port-unreachable, and mark "open" only the ports that actually
> >send back a UDP reply.
>
>
> The problem with this is that most open UDP ports do NOT send back any
> reply to the 0-byte UDP packet. So "filtered" ports that do not send
> back an ICMP administratively-prohibited erro look just like open
> ports. In that case, I would usually rather err on the side of
> reporting filtered ports as open. That is usually less dangerous than
I was thinking about this the other day, there should be an option (e.g.
--clarify) to clarify every state. Like this:
filtered (no response)
open (no response)
open (SYNACK recieved)
closed (RST recieved)
closed (ICMP port unreachable recieved)
firewalled (ICMP unreachable recieved from intermediate router)
...and so on, for every state in every scan type. I'll try writing it up
if I get the time. If anyone else wants to do it, please do!
---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to
nmap-dev-help_at_insecure.org . List run by ezmlm-idx (www.ezmlm.org).
Received on Nov 24 2002
Intro
