Nmap Development: [Exp PATCH] Call port closed in any protocol with ICMP Port Unreach

From: Kris Katterjohn <katterjohn_at_gmail.com>
Date: Sun, 04 Feb 2007 18:36:42 -0600

The attached patch (/nmap-exp/kris SVN r4472) makes it so that if we get
an ICMP Port Unreachable from the target host involving any protocol,
we call the port closed. The SVN log:

------------------------------------------------------------------------
r4472 | kris | 2007-02-04 18:28:37 -0600 (Sun, 04 Feb 2007) | 1 line

If we get a port unreachable from the target host, and we're not doing an
IPProto Scan, then we say the port is closed even if we're scanning
something like TCP. RFC 1122 says even if a protocol has a mechanism for
telling us it's closed (like RST in TCP), we must still accept an ICMP
Port Unreachable for the same thing.
------------------------------------------------------------------------

And here's exactly what the RFC 1122 says:

"A transport protocol that has its own mechanism for notifying the
sender that a port is unreachable (e.g., TCP, which sends RST segments)
MUST nevertheless accept an ICMP Port Unreachable for the same purpose."

Please let me know what you think about it.

Thanks,
Kris Katterjohn

Index: scan_engine.cc
===================================================================
--- scan_engine.cc (revision 4471)
+++ scan_engine.cc (revision 4472)
@@ -3060,13 +3060,12 @@
               newstate = PORT_FILTERED;
             break;
           case 3: /* Port unreach */
- if (USI->scantype == UDP_SCAN &&
- hss->target->v4hostip()->s_addr == ip->ip_src.s_addr)
- newstate = PORT_CLOSED;
- else if (USI->scantype == IPPROT_SCAN &&
- hss->target->v4hostip()->s_addr == ip->ip_src.s_addr)
- newstate = PORT_OPEN;
- else
+ if (hss->target->v4hostip()->s_addr == ip->ip_src.s_addr) {
+ if (USI->scantype == IPPROT_SCAN)
+ newstate = PORT_OPEN;
+ else
+ newstate = PORT_CLOSED;
+ } else
               newstate = PORT_FILTERED;
             break;
           case 9: /* dest. net admin prohibited */
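
Review bot: The bare "else" inside the new source-address check in case 3 now sets PORT_CLOSED for every scan type other than IPPROT_SCAN, where the removed lines did so only for UDP_SCAN and left all other scan types (TCP included) at PORT_FILTERED. That is the behaviour the RFC 1122 passage quoted in the message asks for, but the reason is recorded only in the SVN log; a short comment above "newstate = PORT_CLOSED;" citing RFC 1122 would keep a later reader from narrowing it back to UDP. Since the catch-all also applies to any scan type added later, consider listing the scan types it is meant to cover or noting in the comment that the default is intentional. Style: the outer "if" is braced while its "} else" branch is not; bracing both would read more consistently.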

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Received on Feb 04 2007