Nmap Development: Re: UDP pings

Re: UDP pings

From: Fyodor <fyodor_at_insecure.org>
Date: Thu, 3 Apr 2003 22:49:24 -0800

On Tue, Jan 21, 2003 at 05:53:12PM -0800, Andy Lutomirski wrote:
> I noticed today that some Linksys boxes can be set to "filter"
> incoming TCP and UDP, but apparently will always (except for
> rate-limiting) return port unreachable for UDP. While this can be
> easily used to detect them in current build (nmap -sU -p33333 -P0
> <box>), it would be nice to have it as a ping mode (nmap -sP
> -P<whatever> -PU33333 <range>).

Hi Andy. I have also wanted -PU for a while, so today I implemented
it. It takes a port range (like -PS or -PA) and sends a UDP packet to
each given port. If a port unreachable (or UDP response) is returned,
the host is considered to be up. When testing, I was surprised to see
an unusual box up on my home network! Further investigation revealed
that it was indeed a Linksys ("WAN Port") which does not respond to
the normal Nmap ICMP/TCP probes and so I hadn't even realized it was
there!

This capability will be in the next version, which will either be
released in the next few days or a couple weeks from now when I return
from the CanSecWest and RSA conferences. If I don't make a public
release, I'll try to at least stick something new at
http://download.insecure.org/nmap/dist/?M=D before I leave on Tuesday.

> This also suggests another feature idea: report which ping(s) a host
> responded to.

Then Nmap would have to wait for responses (or timeout) to every
probe. I like being able to short circuit that if a response comes in
early. All of the TCP & UDP "ping" types have port scan equivalents
that can be used (with -P0) if you want to determine which ports are
listening. Ping scan is just to determine what hosts are responsive.

Cheers,
-F

Received on Apr 04 2003
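
The reply handling described in the message above (an ICMP port unreachable or a UDP response means the host is up), sketched as an added example that is not Nmap's code or part of the original post. It parses raw IPv4 packets and matches each reply to the probe that caused it; the addresses, the source port 40000 and the sample packets are constructed, and only port 33333 comes from the thread.

```python
import socket
import struct

ICMP, UDP = 1, 17  # IPv4 protocol numbers

def parse_ipv4(pkt):
    """Return (protocol, src, dst, payload) for a raw IPv4 packet, or None if too short."""
    if len(pkt) < 20:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    return pkt[9], socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]), pkt[ihl:]

def classify_reply(pkt, target, sport, dport):
    """Say why pkt proves target is up after a UDP probe sport -> dport, else None."""
    outer = parse_ipv4(pkt)
    if outer is None or outer[1] != target:
        return None
    proto, _, _, body = outer
    if proto == UDP and len(body) >= 8:
        # A datagram coming back from the probed port to our source port.
        if struct.unpack("!HH", body[:4]) == (dport, sport):
            return "udp-response"
    elif proto == ICMP and len(body) >= 8 and body[:2] == b"\x03\x03":
        # Type 3 / code 3 = port unreachable; bytes 8+ quote the datagram that caused it.
        quoted = parse_ipv4(body[8:])
        if quoted and quoted[0] == UDP and quoted[2] == target and len(quoted[3]) >= 4:
            if struct.unpack("!HH", quoted[3][:4]) == (sport, dport):
                return "port-unreachable"
    return None

# --- constructed sample packets (documentation addresses, checksums left at 0) ---
def ip(proto, src, dst, payload):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def udp(sport, dport, data=b""):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

SCANNER, BOX = "192.0.2.10", "192.0.2.1"
PROBE = ip(UDP, SCANNER, BOX, udp(40000, 33333))
UNREACH = ip(ICMP, BOX, SCANNER, struct.pack("!BBHI", 3, 3, 0, 0) + PROBE)
REPLY = ip(UDP, BOX, SCANNER, udp(33333, 40000, b"hi"))
STALE = ip(ICMP, BOX, SCANNER, struct.pack("!BBHI", 3, 3, 0, 0)
           + ip(UDP, SCANNER, BOX, udp(40000, 53)))  # answers a different probe

if __name__ == "__main__":
    for name, pkt in [("UNREACH", UNREACH), ("REPLY", REPLY), ("STALE", STALE)]:
        print(name, classify_reply(pkt, BOX, 40000, 33333))
```

Because the first matching reply is enough to mark the host up, a caller can stop waiting as soon as `classify_reply` returns a non-None value, which is the short circuit the message describes.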
