Deny/Reject patch

[Guillaume Valadon <guillaume () valadon net>]

Hi,

As seen in pen-test mailing list severals weeks ago some people find it
usefull to know the kind of icmp unreachable we eventually got in
response.

Fyodor said it was easy to add this feature to nmap so there it is. (it
may be ugly as i didn't nmap sources very well ...).

# ./nmap -sS pouet -p 3

Starting nmap V. 2.54BETA29 ( www.insecure.org/nmap/ )
Interesting ports on pouet (1.2.3.4):
Port       State          Service
3/tcp      unr. (code 1)  compressnet             


Nmap run completed -- 1 IP address (1 host up) scanned in 1 second


It doesn't work for none root port scans types as the "only" way to know
we got an icmp is to view it with a pcap. In fact, i made it "works" with 
linux and connect scan, quoting an old fyodor's paper:

"While non-root users can't read port unreachable errors directly, Linux 
is cool enough to inform the user indirectly when they have been received."

I became totally mad with my BSD before reading this two lines ...

By the way, I have a question : why the lamer udp scan is gone ? 

To conclude this mail, i want to start a talk about the utility to
fingerprints system with these icmp unreachable (if we got them, let's
use them, it can't kill us), i worked a little on this topic and i still
think it can "easily" be done.

@+
-- 
mailto:guillaume () valadon net
ICQ uin : 1752110

Page ouebe : http://guillaume.valadon.net

     "Everybody be cool. You be cool" - Seth Gecko

Attachment: nmap-DENY_REJECT.patch.gz
Description:

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).