Nmap Development mailing list archives

solaris rate-limiting RST,ACK (SYN scan)
From: Martin Mačok <martin.macok () underground cz>
Date: Wed, 19 Jan 2005 11:43:21 +0100

Today, I came across a Solaris 9 box which rate-limits RST,ACK
packets (response to a SYN probe against a closed port). SYN,ACK packets
are NOT rate-limited. The box should be in default setup (no firewall,
no special tuning).

This leads to very slow port scanning even on a local network (though
limiting retransmissions and max scan delay helps a bit but leads to
many closed ports/other filtered in the result).

My idea to fix this is implementing an optional SYN scan variant that
(1) does not distinguish between closed and filtered ports and (2) does
not change timing/retrans values when (not) getting RST,ACK (late or
if ever). I.e. it would just catch open ports and report others as
"closed|filtered". Something like "-sS --find_open_ports_only" ...

Any comments?

Martin Mačok
ICT Security Consultant

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List archive: http://seclists.org
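
A toy model of the behaviour described in the message above, added here as an illustration (it is not code from the post or from Nmap). It compares a SYN scan that waits for RST,ACK against the proposed open-ports-only variant; the function name, the RST budget per round, the round length and the port numbers are all constructed assumptions.

```python
# Added illustration: a deterministic toy model, not Nmap's scan engine.
# Every number used here is constructed for the example.
from collections import Counter

def simulate_syn_scan(total_ports, open_ports, rst_per_round, round_secs,
                      max_rounds, open_only=False):
    """Return (elapsed_seconds, Counter of reported port states).

    Target model (assumption): SYN,ACK for open ports is never limited;
    at most `rst_per_round` RST,ACK replies leave the host per round and
    the remaining closed-port probes get no answer at all.
    """
    states = {p: "open" for p in open_ports}   # SYN,ACK arrives in round 1
    pending = [p for p in range(1, total_ports + 1) if p not in open_ports]
    rounds = 0
    while pending and rounds < max_rounds:
        rounds += 1
        if open_only:
            # Proposed variant: no SYN,ACK within one round means
            # closed|filtered; RSTs never drive retransmission or timing.
            break
        # Classic behaviour: only probes that drew an RST are resolved,
        # everything else is retransmitted in the next round.
        answered, pending = pending[:rst_per_round], pending[rst_per_round:]
        for p in answered:
            states[p] = "closed"
    for p in pending:                           # never answered
        states[p] = "closed|filtered" if open_only else "filtered"
    return max(rounds, 1) * round_secs, Counter(states.values())

if __name__ == "__main__":
    opened = {22, 80}                           # constructed open ports
    for label, kwargs in [
        ("classic, 10 retransmission rounds", dict(max_rounds=10)),
        ("classic, unlimited rounds", dict(max_rounds=10_000)),
        ("open-only variant", dict(max_rounds=10, open_only=True)),
    ]:
        secs, counts = simulate_syn_scan(1000, opened, rst_per_round=1,
                                         round_secs=1.0, **kwargs)
        print(f"{label:36s} {secs:7.1f}s  {dict(counts)}")
```

With retransmissions capped, the classic scan reports most closed ports as filtered; uncapped, it is accurate but its duration is set by the target's RST budget. The open-only variant finishes in one round at the cost of merging the two states.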


