|
Nmap Development
mailing list archives
Re: NMAP : Different interpretation of "filtered" ports depending on -sS or -sT options. Bug ?
From: Martin Mačok <martin.macok () underground cz>
Date: Fri, 7 Jan 2005 13:02:29 +0100
On Fri, Jan 07, 2005 at 06:07:14AM -0500, Adam Jacob Muller wrote:
That's a side affect of the fact that -sS is a syn half-open scan
So it basically can't tell the difference between a filtered and a
closed port.
That is not true. See scan_engine.cc:get_pcap_result() ...
Actually, the connect() scan could have problems in telling the
difference between filtered and closed ports because when ICMP DU/PU
is received then connect() returns ECONNREFUSED (just like when RST is
received).
http://Xtrmntr.org/ORBman/tmp/nmap/nmap-3.78-CONNECT-closedfiltered.patch
Martin Mačok
ICT Security Consultant
---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to
nmap-dev-help () insecure org . List archive: http://seclists.org
 By Date 
By Thread
Current thread:
| 
Intro
