Home page logo
/

nmap-dev logo Nmap Development mailing list archives

feature suggestion: --udp_reliable
From: Florin Andrei <florin () sgi com>
Date: 22 Nov 2002 23:52:35 -0800

Quoting from the manual page:

##################
UDP scans: This method is used  to  determine  which  UDP  (User
Datagram Protocol, RFC 768) ports are open on a host.  The tech‐nique is
to send 0 byte udp packets to each port on  the  target machine. If we
receive an ICMP port unreachable message, then the port is closed.
Otherwise we assume it is open.
##################

I agree with the logic behind this decision (assume the unresponsive
ports to be open). It is the normal thing to do, given the fact that
portscans over the Internet are often made in an environment with a lot
of packet losses.

However, it might be useful to let users "who know what they are doing"
to tweak this behaviour. For example, some simple Windows firewalls
(yeah, i know :-P) choose to just drop packets, without sending back an
ICMP-port-unreachable. nmap will interpret that as an open port, which
is false.
When portscanning in a reliable environment, like in the same LAN, with
no network load/losses/collisions, you can be pretty much sure you will
receive any port unreachable when it is sent back to you.

That's why i think it would be useful to have an option to mark
unresponsive UDP ports as "filtered", just the same as the ports that
send back port-unreachable, and mark "open" only the ports that actually
send back a UDP reply.
Of course, in this case nmap should be more persistent and try a few
more times before giving up and marking the port as "filtered".

The lack of this option caused me much grief tonight when i tried to
debug some Windows firewall; i thought it didn't blocked some UDP ports,
when in fact it was blocking them too well, but nmap thought the ports
were open because they were not responding. :-(
Only when i started tcpdump i saw what the truth really was.

-- 
Florin Andrei

It's ok to use the names of your pets or children as passwords
as long as they contain several non-alphanumeric characters.


---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to
nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]