Nmap Development: Re: [Exp PATCH] Call port closed in any protocol with ICMP Port Unreach

From: Jan Engelhardt <jengelh_at_linux01.gwdg.de>
Date: Mon, 5 Feb 2007 16:05:44 +0100 (MET)

On Feb 4 2007 17:03, Fyodor wrote:
>On Sun, Feb 04, 2007 at 06:36:42PM -0600, Kris Katterjohn wrote:
>> The attached patch (/nmap-exp/kris SVN r4472) makes it so that if we get
>> an ICMP Port Unreachable from the target host involving any protocol
>> that we call the port closed. The SVN log:
>
>Hi Kris. Despite what the RFCs say, I think that when we receive an
>ICMP port unreachable message in response to a TCP query, that ICMP
>unreachable packet was generally sent by a firewall or other filtering
>device as opposed to the end host. But I could be wrong. Have you
>found any target IPs which respond in this fashion?

iptables -N fuzzle   # user-defined chain; create it before appending to it below
iptables -A fuzzle -m statistic --mode random --probability 0.50 \
        -j REJECT --reject-with tcp-rst;           # half of the matches: answer with a TCP RST
iptables -A fuzzle -j REJECT --reject-with icmp-host-unreach;   # the rest: ICMP host unreachable
iptables -A INPUT -p tcp {-m I_Dont_Like_That_Packet} -j fuzzle;   # {...}: whatever match selects the packets

> If so, I think it
>is worth investigating whether the packets are produced by firewall
>software (either running on the destination host, or in front of it),
>or if the destination host sends these responses rather than a RST for
>some reason. If you haven't seen this happen, then I think we should
>hold off on making any such changes to /nmap until we have some
>empirical data.
>
>Cheers,
>Fyodor

Jan

-- 
ft: http://freshmeat.net/p/chaostables/
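Added example, not Nmap's code and not from Jan's mail: a small Python model of how a SYN scan labels each reply, contrasting the stock rule (an ICMP unreachable answering a TCP probe means "filtered") with the behaviour Kris's patch proposes (ICMP port unreachable means "closed" for any protocol), fed with the replies Jan's `fuzzle` chain would produce and with a constructed plain `-j REJECT` for contrast. The names `Reply`, `classify`, `firewall_reply`, `verdicts`, `JAN_FUZZLE` and `DEFAULT_REJECT` are this example's own; the state table is a simplification of the SYN-scan rules in the Nmap Reference Guide, and the `--reject-with` spellings are iptables' long-form names.

```python
import random
from dataclasses import dataclass

# ICMP type 3 (destination unreachable) codes, per RFC 792
ICMP_HOST_UNREACH, ICMP_PORT_UNREACH = 1, 3
UNREACH_CODES = {1, 2, 3, 9, 10, 13}  # codes a SYN scan reads as "filtered"
# Packet each iptables REJECT variant emits (long-form --reject-with names)
REJECT_REPLY = {
    "tcp-reset": ("rst", -1),
    "icmp-host-unreachable": ("icmp", ICMP_HOST_UNREACH),
    "icmp-port-unreachable": ("icmp", ICMP_PORT_UNREACH),  # REJECT's default
}
@dataclass(frozen=True)
class Reply:
    kind: str            # "syn-ack", "rst", "icmp" or "none"
    icmp_code: int = -1  # meaningful only when kind == "icmp"

def classify(reply: Reply, port_unreach_is_closed: bool = False) -> str:
    """State of one TCP SYN probe's reply. False: stock rule (any type-3
    unreachable answering TCP -> filtered); True: the patch (port unreach -> closed)."""
    if reply.kind == "syn-ack":
        return "open"
    if reply.kind == "rst":
        return "closed"
    if reply.kind == "icmp" and reply.icmp_code in UNREACH_CODES:
        if port_unreach_is_closed and reply.icmp_code == ICMP_PORT_UNREACH:
            return "closed"
        return "filtered"
    return "filtered"  # silence (or an unknown ICMP code): treated as dropped

def firewall_reply(chain, rng: random.Random) -> Reply:
    """Walk a REJECT chain like Jan's: each rule fires with its probability."""
    for probability, reject_with in chain:
        if rng.random() < probability:
            return Reply(*REJECT_REPLY[reject_with])
    return Reply("none")

def verdicts(chain, probes: int, seed: int = 7) -> dict:
    """Count the states both rule sets assign to `probes` probes at `chain`."""
    rng, out = random.Random(seed), {"stock": {}, "patched": {}}
    for _ in range(probes):
        reply = firewall_reply(chain, rng)
        for name, flag in (("stock", False), ("patched", True)):
            state = classify(reply, flag)
            out[name][state] = out[name].get(state, 0) + 1
    return out
# Jan's chain: tcp-rst for half the probes, icmp-host-unreach for the rest
JAN_FUZZLE = [(0.5, "tcp-reset"), (1.0, "icmp-host-unreachable")]
# Constructed contrast: a bare `-j REJECT`, which defaults to port unreachable
DEFAULT_REJECT = [(1.0, "icmp-port-unreachable")]
```

Against Jan's chain both rule sets agree (host unreachable is "filtered" either way); against a default REJECT every probe flips from "filtered" to "closed" under the patch, which is exactly the case Fyodor asks for data on.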
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org