Nmap Development mailing list archives

Fix for ICMP net unreachable in connect scan


From: Richard Moore <rich () westpoint ltd uk>
Date: Wed, 09 Feb 2005 15:26:45 +0000

First let's configure a host to send some 'weird' responses:

iptables -A INPUT -p TCP --dport 3 -j REJECT --reject-with icmp-net-unreachable

nmap will now abort as soon as it scans this port using a connect
scan, see below:

rich@fester:~/nmap-3.81> ./nmap -P0 -sT -p 3,4 pugsley

Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-02-09 15:23 GMT
Strange SO_ERROR from connection to 192.168.3.46 (101) -- bailing scan : Operation now in progress

The fix is to treat this message as a way of filtering the
port. Patch below against 3.81.

Cheers

Rich.
--
Richard Moore, Principal Software Engineer,
Westpoint Ltd,
Albion Wharf, 19 Albion Street, Manchester, M1 5LN, England
Tel: +44 161 237 1028
Fax: +44 161 237 1031
*** scan_engine.cc      2005-02-09 15:20:25.000000000 +0000
--- /home/rich/xx/nmap-3.81/scan_engine.cc      2005-02-09 15:18:57.000000000 +0000
***************
*** 2167,2179 ****
        case EHOSTUNREACH:
        case ETIMEDOUT:
        case EHOSTDOWN:
          /* It could be the host is down, or it could be firewalled.  We
             will go on the safe side & assume port is closed ... on second
             thought, lets go firewalled! and see if it causes any trouble */
          newstate = PORT_FILTERED;
          break;
        case ENETDOWN:
-       case ENETUNREACH:
        case ENETRESET:
        case ECONNABORTED:
          snprintf(buf, sizeof(buf), "Strange SO_ERROR from connection to %s (%d - '%s') -- bailing scan", 
host->target->targetipstr(), optval, strerror(optval) );
--- 2167,2179 ----
        case EHOSTUNREACH:
        case ETIMEDOUT:
        case EHOSTDOWN:
+       case ENETUNREACH:
          /* It could be the host is down, or it could be firewalled.  We
             will go on the safe side & assume port is closed ... on second
             thought, lets go firewalled! and see if it causes any trouble */
          newstate = PORT_FILTERED;
          break;
        case ENETDOWN:
        case ENETRESET:
        case ECONNABORTED:
          snprintf(buf, sizeof(buf), "Strange SO_ERROR from connection to %s (%d - '%s') -- bailing scan", 
host->target->targetipstr(), optval, strerror(optval) );
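
Review bot: The comment that now sits directly under the added "case ENETUNREACH:" label still gives only "host is down, or it could be firewalled" as the reason for newstate = PORT_FILTERED, so nothing in the code records why a network-unreachable error belongs in this group. Add a line to that comment saying that a filter rejecting with ICMP net unreachable (the iptables "--reject-with icmp-net-unreachable" rule from the report) surfaces as ENETUNREACH on a connect scan. Separately, the snprintf context line is wrapped onto a second line ("host->target->targetipstr(), optval, strerror(optval) );") in both halves of the hunk, and its "(%d - '%s')" format does not match the "(101)" printed in the nmap output quoted in the message, so the context may not line up with an unmodified 3.81 tree. Regenerating the diff against pristine 3.81 and sending it as an attachment would avoid a failed apply.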
