
Nmap Development: Re: [Exp PATCH] Call port closed in any protocol with ICMP Port Unreach

From: Fyodor <fyodor_at_insecure.org>
Date: Sun, 4 Feb 2007 17:03:45 -0800

On Sun, Feb 04, 2007 at 06:36:42PM -0600, Kris Katterjohn wrote:
> The attached patch (/nmap-exp/kris SVN r4472) makes it so that if we get
> an ICMP Port Unreachable from the target host involving any protocol
> that we call the port closed. The SVN log:

Hi Kris. Despite what the RFCs say, I think that when we receive an
ICMP port unreachable message in response to a TCP query, that ICMP
unreachable packet was generally sent by a firewall or other filtering
device as opposed to the end host. But I could be wrong. Have you
found any target IPs which respond in this fashion? If so, I think it
is worth investigating whether the packets are produced by firewall
software (either running on the destination host, or in front of it),
or if the destination host sends these responses rather than a RST for
some reason. If you haven't seen this happen, then I think we should
hold off on making any such changes to /nmap until we have some
empirical data.

Cheers,
Fyodor

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Received on Feb 04 2007
