mailing list archives
Re: NMAP performance patch (ICMP Unreachable rate limited)
From: Martin Mačok <martin.macok () underground cz>
Date: Thu, 16 Jun 2005 11:04:38 +0200
On Mon, Jun 13, 2005 at 12:10:17PM -0600, Alec H. Peterson wrote:
I applied this patch to 3.81, but it makes me wonder why it has not
been accepted into the actual distribution.
Fyodor's concern was that it could miss some open ports (though he did
not specified). I've disagreed ;-)
What are the consequences of using this patch?
AFAIK there aren't any (other than performance and bandwidth usage).
We are using this patch for several months in a proffessional
pentesting area without any problems so far.
On Mon, Jun 13, 2005 at 10:49:32PM +0200, Andreas Ericsson wrote:
That's one of Martin Méoks' (I'm nearly 100% sure I spelled the last
name wrong) creations.
That's true. My name is Martin Mačok (iso-latin2) which makes it
Martin Macok in ascii.
I believe it was just submitted at a bad time when the Fyodor was
revamping a lot of other functionality.
He was moving at the time and busy overall...
It's quite possible it was just forgotten, but I seem to remember at
least one user having problems with it not properly detecting some
hosts when it's a router that does the limiting (as opposed to the
final destination of the packet).
I don't remember such case. If someone has any problem with it, I'm
one big ear.
On Mon, Jun 13, 2005 at 11:05:50PM +0200, Andreas Ericsson wrote:
I believe there is a revised version which adds the
switch --defeat-icmp-rate_limit (or some such) and thus makes the fast
behaviour optional while keeping the default behaviour "clean". Perhaps
the original patch-author knows more.
No, you are mixing it with another similar patch that is defeating RST
rate-limit (fe. Solaris 9 does it). This patch is implemented as an
option (--defeat_rst_ratelimit) because when in use Nmap does not
distinguish between filtered and closed ports (both are
"filtered|closed" then). You could find it at
The ICMP-rate-limit patch is not implemented as a cmd-line option
because there is no reason to turn it "off" IMHO.
ICT Security Consultant
Sent through the nmap-dev mailing list