Hey everyone!
I have attached a patch to implement a new ping type, much like the
current IPProto scan (-sO). Hopefully it'll slip by some setups to
reveal up hosts, or provide a less-watched host discovery mechanism.
It's used with "-PO" (the letter O) to go along with "-sO", and I
renamed references to "-P0" (zero) to "-PN". Fyodor agreed with this
change, so I'm not completely messing everything up :)
I haven't changed the refguide for this patch (to add -PO and change
-P0) because that would've been too big I think.
Currently the default is to send with protocol numbers 1 (ICMP), 2
(IGMP), 6 (TCP), and 17 (UDP). 1, 6, and 17 generally reply with the
protocol rather than ICMP Protocol Unreachables. 2 now seems to
generally return Proto Unreachables despite me adding a header to it a
long time ago (last year sometime I believe).
Some stats:
500 random hosts (the same for both):
-PS21,22,23,25,80,113: 27 up
-PO: 30 up
5000 random hosts, solely using IGMP:
-PO2: 37 up (29 of which were Protocol Unreachables)
I've had hosts get picked up with Protocol Unreachables that weren't
picked up with other ping types, which is one of the things I hoped for
when I thought of this.
This can also be seen as a "general" ping type as by default it sends
the main protocols (using this I've gotten hosts that send back all the
different protocol responses that wouldn't have been picked up with
specifying all the different kinds).
Please test and, as usual, any comments or suggestions are welcome!
Thanks,
Kris Katterjohn
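The two response classes the post describes (an in-protocol reply versus an ICMP Protocol Unreachable for a protocol the host does not speak) are what a network monitor would key on to notice this kind of host discovery. The following is an added example for that defensive side, not Kris's patch or any nmap code: it reads a constructed one-line-per-packet summary (format "SRC > DST proto=N [icmp=TYPE/CODE]", invented here), records which IP protocol numbers each source sent to each target, classifies each answer as "in-protocol" or "proto-unreach" (ICMP type 3, code 2), and flags sources that hit several hosts with most of the default 1/2/6/17 protocol set. All addresses and packets are made up.

```python
"""Classify answers to IP-protocol probes and flag -PO style sweeps.

Added example, not part of the nmap patch. The input format
"SRC > DST proto=N [icmp=TYPE/CODE]" is a constructed summary line,
one per packet, in the order the packets were seen.
"""
from collections import defaultdict

# The default protocol set named in the post: ICMP, IGMP, TCP, UDP.
DEFAULT_PO_PROTOS = {1, 2, 6, 17}
# ICMP type 3 (Destination Unreachable), code 2 (Protocol Unreachable).
PROTO_UNREACH = (3, 2)

# Constructed sample traffic (not a real capture).
SAMPLE_LINES = [
    "10.0.0.5 > 192.0.2.1 proto=1 icmp=8/0",   # echo request
    "10.0.0.5 > 192.0.2.1 proto=2",
    "10.0.0.5 > 192.0.2.1 proto=6",
    "10.0.0.5 > 192.0.2.1 proto=17",
    "192.0.2.1 > 10.0.0.5 proto=1 icmp=0/0",   # echo reply: in-protocol
    "192.0.2.1 > 10.0.0.5 proto=6",            # TCP RST: in-protocol
    "192.0.2.1 > 10.0.0.5 proto=1 icmp=3/2",   # proto unreachable for the IGMP probe
    "10.0.0.5 > 192.0.2.2 proto=1 icmp=8/0",   # 192.0.2.2 stays silent
    "10.0.0.5 > 192.0.2.2 proto=2",
    "10.0.0.5 > 192.0.2.2 proto=6",
    "10.0.0.5 > 192.0.2.2 proto=17",
    "10.0.0.5 > 192.0.2.3 proto=1 icmp=8/0",
    "10.0.0.5 > 192.0.2.3 proto=2",
    "10.0.0.5 > 192.0.2.3 proto=6",
    "10.0.0.5 > 192.0.2.3 proto=17",
    "192.0.2.3 > 10.0.0.5 proto=1 icmp=3/2",   # answers only with proto unreachable
    "10.0.0.9 > 192.0.2.1 proto=6",            # ordinary TCP exchange, not a sweep
    "192.0.2.1 > 10.0.0.9 proto=6",
]


def parse_record(line):
    """Parse one summary line into a dict with src, dst, proto and icmp (type, code) or None."""
    src, arrow, dst, *fields = line.split()
    if arrow != ">":
        raise ValueError(f"bad record: {line!r}")
    rec = {"src": src, "dst": dst, "proto": None, "icmp": None}
    for field in fields:
        key, _, val = field.partition("=")
        if key == "proto":
            rec["proto"] = int(val)
        elif key == "icmp":
            icmp_type, icmp_code = val.split("/")
            rec["icmp"] = (int(icmp_type), int(icmp_code))
    if rec["proto"] is None:
        raise ValueError(f"missing proto= in {line!r}")
    return rec


def analyze(lines):
    """Return (probes, replies).

    probes:  (prober, target) -> set of IP protocol numbers the prober sent
    replies: (prober, target) -> set of answer kinds seen from the target
    A packet counts as an answer when the reverse pair was already seen probing.
    """
    probes = defaultdict(set)
    replies = defaultdict(set)
    for rec in map(parse_record, lines):
        fwd = (rec["src"], rec["dst"])
        rev = (rec["dst"], rec["src"])
        if rev in probes:
            if rec["icmp"] == PROTO_UNREACH:
                replies[rev].add("proto-unreach")
            elif rec["proto"] in probes[rev]:
                replies[rev].add("in-protocol")
            else:
                replies[rev].add("other")
        else:
            probes[fwd].add(rec["proto"])
    return probes, replies


def hosts_up(lines, prober):
    """Targets of `prober` that answered at all, with the kinds of answer each gave."""
    _, replies = analyze(lines)
    return {dst: sorted(kinds) for (src, dst), kinds in replies.items() if src == prober}


def detect_po_sweeps(lines, min_protos=3, min_targets=2):
    """Sources that sent >= min_protos of the default protocol set to >= min_targets hosts."""
    probes, _ = analyze(lines)
    per_src = defaultdict(set)
    for (src, dst), protos in probes.items():
        if len(protos & DEFAULT_PO_PROTOS) >= min_protos:
            per_src[src].add(dst)
    return {src: sorted(dsts) for src, dsts in per_src.items() if len(dsts) >= min_targets}


if __name__ == "__main__":
    print("sweep candidates:", detect_po_sweeps(SAMPLE_LINES))
    print("answers to 10.0.0.5:", hosts_up(SAMPLE_LINES, "10.0.0.5"))
```

On the sample data 192.0.2.3 is counted as up purely on the strength of a Protocol Unreachable, which is the case the post's IGMP statistics illustrate; the thresholds are deliberately loose and would be tuned per network, since a single host legitimately speaking ICMP, TCP and UDP to one peer already clears `min_protos=3` on its own.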
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Received on Oct 24 2007