Nmap Development: Re: Locating filtering hosts

["Arturo \"Buanzo\" Busleiman" <buanzo () buanzo com ar>]

The filtering is probably being done by a bridged box between two routers,
thus not having a physical "hop".

--
Arturo "Buanzo" Busleiman - www.buanzo.com.ar - GNU/Linux Documentation
President, Open Information System Security Group - Argentina

FAN DE MARFIL - Power Rock Romantico - http://www.buanzo.com.ar/files/marfil/


On Mon, 27 Sep 2004, Bill Moseley wrote:

> Is there a way to have nmap find the host that may be filtering
> ports between two machines?
>
> I have a remote host that looks like this:
>
>     (The 1656 ports scanned but not shown below are in state: filtered)
>     PORT   STATE  SERVICE
>     21/tcp open   ftp
>     22/tcp open   ssh
>     53/tcp closed domain
>     80/tcp open   http
>
> The remote machine is not dropping/filtering, but some host along the
> way.
>
> I used tcptraceroute to port 80 and the compared that result with a
> tcptraceroute to a port that is dropping the SYN packets to figure out
> what host is filtering.  I looked over the nmap man page again and
> didn't see where nmap could do this.  I see there's a -ttl option
> which might be useful.
>
> Could nmap, perhaps, change the ttl to locate where the filtering is
> happening?
>
>
>
>
>
> --
> Bill Moseley
> moseley () hank org
>
>
> ---------------------------------------------------------------------
> For help using this (nmap-dev) mailing list, send a blank email to
> nmap-dev-help () insecure org . List archive: http://seclists.org

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List archive: http://seclists.org