
Nmap Development mailing list archives

Re: feature suggestion: --udp_reliable
From: Fyodor <fyodor () insecure org>
Date: Sat, 23 Nov 2002 00:15:51 -0800

On Fri, Nov 22, 2002 at 11:52:35PM -0800, Florin Andrei wrote:

> That's why I think it would be useful to have an option to mark
> unresponsive UDP ports as "filtered", just the same as the ports that
> send back port-unreachable, and mark "open" only the ports that actually
> send back a UDP reply.

The problem with this is that most open UDP ports do NOT send back any
reply to the 0-byte UDP packet.  So "filtered" ports that do not send
back an ICMP administratively-prohibited error look just like open
ports.  In that case, I would usually rather err on the side of
reporting filtered ports as open.  That is usually less dangerous than
giving people false assurance that all their ports are "filtered".
Perhaps I should add an "unknown" state.  At some point, Nmap may
provide an option to send a bunch of application-specific UDP
packets.  That would help coax out responses, and those responses
would tell not only that the port is open but what application service
is running.


For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
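
The ambiguity discussed in this message, as an added example that is not part of the original post and is not Nmap's code: it sends 0-byte UDP datagrams to three constructed loopback ports (a silent listener, a replying listener, a closed port) and classifies each under both policies. The `udp_reliable` parameter is hypothetical, modelled on the subject line, and treating any other socket error as a non-port-unreachable ICMP error is an assumption about how the operating system reports it.

```python
import socket
import threading

def probe(host, port, timeout=0.5, retries=2):
    """Send 0-byte UDP datagrams and report what came back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))  # connected socket: ICMP errors surface as exceptions
        for _ in range(retries):
            try:
                s.send(b"")
                s.recv(2048)
                return "reply"
            except ConnectionRefusedError:  # ICMP port-unreachable
                return "unreachable"
            except socket.timeout:
                continue
            except OSError:  # assumption: some other ICMP unreachable error
                return "icmp_other"
    return "silent"

def classify(observation, udp_reliable=False):
    # Silence is the ambiguous case: an open service ignoring the probe, or a dropped packet.
    states = {"reply": "open", "unreachable": "closed", "icmp_other": "filtered",
              "silent": "filtered" if udp_reliable else "open"}
    return states[observation]

def listener(reply):
    """Constructed fixture: loopback UDP socket that answers only if reply is set."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    def loop():
        while True:
            _, addr = srv.recvfrom(2048)
            srv.sendto(b"pong", addr)
    if reply:
        threading.Thread(target=loop, daemon=True).start()
    return srv

def demo():
    socks = {"silent": listener(False), "replying": listener(True), "closed": listener(False)}
    ports = {name: s.getsockname()[1] for name, s in socks.items()}
    socks["closed"].close()  # nothing is bound to this port any more
    obs = {name: probe("127.0.0.1", port) for name, port in ports.items()}
    return {n: (o, classify(o), classify(o, True)) for n, o in obs.items()}

if __name__ == "__main__":
    print(demo())
```

The silent listener is open yet produces the same observation a packet-dropping firewall would, so the two policies disagree only on that row.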
