Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: feature suggestion: --udp_reliable
From: Fyodor <fyodor () insecure org>
Date: Sat, 23 Nov 2002 00:15:51 -0800

On Fri, Nov 22, 2002 at 11:52:35PM -0800, Florin Andrei wrote:

That's why i think it would be useful to have an option to mark
unresponsive UDP ports as "filtered", just the same as the ports that
send back port-unreachable, and mark "open" only the ports that actually
send back a UDP reply.

The problem with this is that most open UDP ports do NOT send back any
reply to the 0-byte UDP packet.  So "filtered" ports that do not send
back an ICMP administratively-prohibited erro look just like open
ports.  In that case, I would usually rather err on the side of
reporting filtered ports as open.  That is usually less dangerous than
giving people false assurance that all their ports are "filtered".
Perhaps I should add an "unknown" state.  At some point, Nmap may
provide an option to spend a bunch of application-specific UDP
packets.    That would help coax out resposes, and those responses
would tell not only that the port is open but what application service
is running.

Cheers,
-F


---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault