Nmap Development: [patch] Re: solaris rate-limiting RST,ACK (SYN scan)

From: Martin Mačok <martin.macok_at_underground.cz>
Date: Sun, 13 Feb 2005 12:14:17 +0100

On Wed, Jan 19, 2005 at 11:43:21AM +0100, Martin Mačok wrote:

> My idea to fix this is implementing an optional SYN scan variant that
> (1) does not distinguish between closed and filtered ports and (2) does
> not change timing/retrans values when (not) getting RST,ACK (late or
> if ever). I.e. it would just catch open ports and report others as
> "closed|filtered".

... and here you are (-sS --defeat_rst_ratelimit):

http://Xtrmntr.org/ORBman/tmp/nmap/nmap-3.81-defeat_RST_ratelimit.patch

(This patch assumes defeat_ICMP_ratelimit patch is applied because it
touches the same code. I could make a patch that does not depend on it
if someone really insists on it though...)

If you don't have Solaris 9 you can simulate it (not exactly, but very
close) on Linux with something like:

# iptables -A INPUT -i lo -p tcp -m multiport --destination-ports 25,53,8080,8081 -j ACCEPT
# iptables -A INPUT -i lo -p tcp -m limit --limit 40/s -j REJECT --reject-with tcp-reset
# iptables -A INPUT -i lo -p tcp -j DROP

Martin Mačok
ICT Security Consultant

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to
nmap-dev-help@insecure.org . List archive: http://seclists.org
Received on Feb 13 2005
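
The behaviour the iptables rules in this post simulate, and the effect of merging closed and filtered into one state, as an added example that is not part of the original post or of Nmap's code. It is a simplified model (one probe per port, no retransmissions or timing changes); the class and function names are hypothetical, the four accepted ports are assumed to have listeners, and the burst of 5 is the iptables limit match default.

```python
from collections import Counter
from dataclasses import dataclass

# Ports ACCEPTed by the first rule in the post; assumed here to have listeners.
OPEN_PORTS = {25, 53, 8080, 8081}

@dataclass
class RstLimiter:
    """Token bucket for '-m limit --limit 40/s'; refills over time, capped at burst."""
    rate: float = 40.0
    burst: float = 5.0
    tokens: float = 5.0
    last: float = 0.0

    def allow(self, now: float) -> bool:
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False

def target_reply(port, now, limiter):
    """Reply of the simulated host to one SYN probe (hypothetical helper)."""
    if port in OPEN_PORTS:
        return "SYN/ACK"   # rule 1: ACCEPT, the listener answers
    if limiter.allow(now):
        return "RST"       # rule 2: REJECT --reject-with tcp-reset, within the limit
    return None            # rule 3: DROP, the probe gets no answer

def scan(ports, probes_per_sec, merge_closed_filtered):
    """One probe per port at a fixed rate; returns {port: state}."""
    limiter, result = RstLimiter(), {}
    for i, port in enumerate(ports):
        reply = target_reply(port, i / probes_per_sec, limiter)
        if reply == "SYN/ACK":
            result[port] = "open"
        elif merge_closed_filtered:
            result[port] = "closed|filtered"   # RST or silence: same verdict
        else:
            result[port] = "closed" if reply == "RST" else "filtered"
    return result

def summarize(result):
    return dict(Counter(result.values()))

if __name__ == "__main__":
    for pps in (20, 1000):   # constructed run: ports 1-1000 at two probe rates
        print(pps, summarize(scan(range(1, 1001), pps, False)))
```

At 20 probes per second every closed port still gets its RST; at 1000 per second most of them go unanswered, while the set of open ports is the same in both classifications.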
