Nmap Development mailing list archives
Re: Detecting upstream filters
From: Fyodor <fyodor () insecure org>
Date: Mon, 5 Mar 2001 19:39:49 -0800 (PST)
On Tue, 27 Feb 2001, Rasmus Andersson wrote:
My idea is to detect any ICMP-unreachable that originates from an intermediate host [any host except the target], and include that in the output, something like this:
Yes, I agree that this can be important information. In fact, my XML output proposal (http://lists.insecure.org/nmap-dev/2000/Jul-Sep/0038.html ) does contain this information: <port protocol="UDP" port="31337"> <state state="filtered" conf="5" /> <filteredby><packet proto="ICMP" type="3" code="3" name="ICMP port unreachable" srcipaddr="10.3.7.4" ip_v="4" /> </filteredby> <service name="backorifice" conf="3" method="table" /> </port> Unfortunately, Nmap does not yet have code to output this. However, I would accept a quality patch which adds this functionality to both pos_scan and super_scan. I don't know about printing it in the normal output -- I wouldn't want to do it for each port (that space to the right is reserved). But perhaps if all the "filtered' ports are blocked by the same machine, a line could be printed above the port list specifying the filter IP. Note that Nmap already does detect those ICMP unreachables from machines other than the target and it takes the appropriate action (eg figures out what port they are referring to and marks it as filtered). Nmap just isn't verbose about it. Cheers, -F --------------------------------------------------------------------- For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
Current thread:
- Re: Detecting upstream filters Ryan Permeh (Feb 27)
- Message not available
- Message not available
- Re: Detecting upstream filters Rasmus Andersson (Mar 05)
- Message not available
- Message not available
- <Possible follow-ups>
- Re: Detecting upstream filters Fyodor (Mar 05)