Nmap Development mailing list archives
Re: Deny/Reject patch
From: Guillaume Valadon <guillaume () valadon net>
Date: Thu, 25 Oct 2001 20:17:25 +0200
re,
As seen in pen-test mailing list severals weeks ago some people find it usefull to know the kind of icmp unreachable we eventually got in response.Agreed. It is also useful to know the IP address which the unreachable came from.
I think it's not as trivial as the first patch i submited but i am working on it :*) It seems to be a deeper change to nmap as actually we can 'only' store state of port and others information but not an IP address. I don't know how to output the information correctly ... We can print when we receive the icmp from the target Port State Service 1/tcp Net Unr. tcpmux and if it was from another host : Port State Service 1/tcp Net Unr. from 192.168.0.5 tcpmux Please give me ideas :*)
By the way, I have a question : why the lamer udp scan is gone ?[..] http://lists.insecure.org/bugtraq/2001/Oct/0140.html :). On Solaris it is even less of a problem.
Is this the good link ? (or i didn't understand ...)
On Solaris, ipf and firewall-1 may send different "destination prohibited by filter" ICMP messages.
A strange thing with my FreeBSD 4.1.1 an ipfilter, i receive two differents icmp unreachable. If i send a packet to a closed port an to a reject port by ipfilter ... I made some experiments several weeks ago on firewalls fingerprinting (that is in fact icmp fingerprinting), and i think that we can get usefull informations from thoses icmp unreachable packet. But as you notice, there are some problems. I didn't think of this as a "real" fingerprint, but more than "hey, i got an icmp unr. and i can learn you something without sending more packets so let me explain" (in fact we must also add sound support to nmap, if it talks to us :*) bye, guillaume -- mailto:guillaume () valadon net ICQ uin : 1752110 Page ouebe : http://guillaume.valadon.net "Everybody be cool. You be cool" - Seth Gecko --------------------------------------------------------------------- For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
Current thread:
- Deny/Reject patch Guillaume Valadon (Oct 24)
- RE: Deny/Reject patch Ofir Arkin (Oct 24)
- Re: Deny/Reject patch Fyodor (Oct 24)
- RE: Deny/Reject patch Ofir Arkin (Oct 24)
- Re: Deny/Reject patch Guillaume Valadon (Oct 25)