
Nmap Development mailing list archives
[Exp PATCH] Call port closed in any protocol with ICMP Port Unreach
From: Kris Katterjohn <katterjohn () gmail com>
Date: Sun, 04 Feb 2007 18:36:42 -0600
The attached patch (/nmap-exp/kris SVN r4472) makes it so that if we get an ICMP Port Unreachable from the target host involving any protocol that we call the port closed.

The SVN log:

------------------------------------------------------------------------
r4472 | kris | 2007-02-04 18:28:37 -0600 (Sun, 04 Feb 2007) | 1 line

If we get a port unreachable from the target host, and we're not doing a IPProto Scan, then we say the port is closed even if we're scanning something like TCP. RFC 1122 says even if a protocol has a mechanism for telling is it's closed (like RST in TCP), we must still accept a ICMP Port Unreachable for the same thing.
------------------------------------------------------------------------

And here's exactly what the RFC 1122 says:

"A transport protocol that has its own mechanism for notifying the sender that a port is unreachable (e.g., TCP, which sends RST segments) MUST nevertheless accept an ICMP Port Unreachable for the same purpose."

Please let me know what you think about it.

Thanks,
Kris Katterjohn
Index: scan_engine.cc =================================================================== --- scan_engine.cc (revision 4471) +++ scan_engine.cc (revision 4472) @@ -3060,13 +3060,12 @@ newstate = PORT_FILTERED; break; case 3: /* Port unreach */ - if (USI->scantype == UDP_SCAN && - hss->target->v4hostip()->s_addr == ip->ip_src.s_addr) - newstate = PORT_CLOSED; - else if (USI->scantype == IPPROT_SCAN && - hss->target->v4hostip()->s_addr == ip->ip_src.s_addr) - newstate = PORT_OPEN; - else + if (hss->target->v4hostip()->s_addr == ip->ip_src.s_addr) { + if (USI->scantype == IPPROT_SCAN) + newstate = PORT_OPEN; + else + newstate = PORT_CLOSED; + } else newstate = PORT_FILTERED; break; case 9: /* dest. net admin prohibited */
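Review bot: In the `case 3: /* Port unreach */` branch, the inner `else` now assigns PORT_CLOSED for every scantype other than IPPROT_SCAN, where the removed lines did so only for UDP_SCAN, and nothing in the code says why. A one-line comment above the inner `if` citing the RFC 1122 requirement quoted in the message would document the reasoning, and it is worth confirming that each remaining scan type should read a port unreachable from the target as closed rather than filtered. On style, the outer `if` opens a brace while the trailing `} else` and the nested `if`/`else` are unbraced; bracing all of them consistently would make the nesting easier to follow.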