Nmap Development mailing list archives
Deny/Reject patch again !
From: Guillaume Valadon <guillaume () valadon net>
Date: Mon, 29 Oct 2001 23:32:34 +0100
hi guys,

I tried to put all the good ideas you sent into nmap, but I had a few problems. It works for me, but I don't like the way it is.

First, I don't know exactly where to store the source IP address of the received icmp packet. I added an address field to the "struct port", ok it works but it's ugly ... It would be cool if we could store those IPs in another structure like:

    struct portunr {
      u16 portno;
      struct in_addr address;
      struct portunr *next;
    };

If a port is flagged as unreachable we can fetch the IP address in this list.

On the other hand, the output made me crazy. If we receive an icmp from a host different from the destination of the scan:

    1/tcp      Port Unr. from 192.168.0.1  tcpmux

If it's the same:

    1/tcp      Port Unr.                   tcpmux

Those code descriptions are too big ...

    9/tcp      Dst Net Admin. prohibited   discard
    10/tcp     Dst Host Admin. prohibited  unknown
    13/tcp     Com. Admin prohibited       daytime

Do you have ideas for the output? I didn't manage to have something sexy.

Finally, nmap seems to be very strict on the codes of icmp unreachable packets it could receive. It only accepts codes 0, 1, 2, 3, 9, 10 & 13. Is there a good reason to only accept those codes?

Moreover there is something weird. I played with my ipfilter and its return-icmp and "bound" an icmp unreachable with a tcp port in order to test the patch output :*)

    block return-icmp(net-unr) in log quick on ed0 proto tcp from any to 192.168.0.3 port = 1
    block return-icmp(host-unr) in log quick on ed0 proto tcp from any to 192.168.0.3 port = 2
    block return-icmp(port-unr) in log quick on ed0 proto udp from any to 192.168.0.3 port = 3
    block return-icmp(needfrag) in log quick on ed0 proto tcp from any to 192.168.0.3 port = 4
    ...

    ./nmap -P0 -sS spooky -p1-15

    [ cut output about unexpected icmp codes ]

    Interesting ports on spooky.county.er (192.168.0.3):
    (The 1 port scanned but not shown below is in state: closed)
    Port       State                       Service
    1/tcp      Net Unr.                    tcpmux
    2/tcp      Host Unr.                   compressnet
    3/tcp      Port Unr.                   compressnet
    4/tcp      filtered                    unknown
    5/tcp      filtered                    rje
    6/tcp      filtered                    unknown
    7/tcp      filtered                    echo
    8/tcp      filtered                    unknown
    9/tcp      Dst Net Admin. prohibited   discard
    10/tcp     Dst Host Admin. prohibited  unknown
    11/tcp     filtered                    systat
    12/tcp     filtered                    unknown
    13/tcp     Com. Admin prohibited       daytime
    14/tcp     filtered                    unknown

Ok, filtered is good. But with a super scan:

    # ./nmap -P0 -sX spooky -p1-15

    Starting nmap V. 2.54BETA29 ( www.insecure.org/nmap/ )
    Interesting ports on spooky.county.er (192.168.0.3):
    (The 1 port scanned but not shown below is in state: closed)
    Port       State                       Service
    1/tcp      Net Unr.                    tcpmux
    2/tcp      Host Unr.                   compressnet
    3/tcp      Port Unr.                   compressnet
    4/tcp      open                        unknown
    5/tcp      open                        rje
    6/tcp      open                        unknown
    7/tcp      open                        echo
    8/tcp      open                        unknown
    9/tcp      Dst Net Admin. prohibited   discard
    10/tcp     Dst Host Admin. prohibited  unknown
    11/tcp     open                        systat
    12/tcp     open                        unknown
    13/tcp     Com. Admin prohibited       daytime
    14/tcp     open                        unknown

Those ports are not filtered, I think that it's a bug ...

What should we do? 'Support' more icmp codes?

@+
guillaume

--
mailto:guillaume () valadon net
ICQ uin : 1752110
Web page : http://guillaume.valadon.net

"Coding is like sex, it's dirty when it's good." - me :*)
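An added example, not part of the original message and not nmap's own code: one way to fill the `struct portunr` list proposed above from a received ICMP destination-unreachable message, taking the probed port from the quoted header instead of trusting the sender. The names `record_unreach` and `find_unreach` and the sample packet bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <arpa/inet.h>

/* List node as proposed in the message (u16 written as uint16_t). */
struct portunr { uint16_t portno; struct in_addr address; struct portunr *next; };

/* Constructed sample: ICMP type 3, code 13, quoting a TCP probe to port 13. */
static const uint8_t sample_unreach[] = {
    3, 13, 0, 0, 0, 0, 0, 0,                    /* ICMP header */
    0x45, 0, 0, 40, 0, 1, 0, 0, 64, 6, 0, 0,    /* quoted IP header */
    192, 168, 0, 2, 192, 168, 0, 3,             /* quoted src, dst */
    0xC0, 0, 0, 13, 0, 0, 0, 1                  /* TCP sport, dport, seq */
};

/* icmp points at the ICMP header. For a well-formed type 3 message quoting a
 * TCP/UDP probe, push port and sender onto *list and return the code; else -1. */
int record_unreach(const uint8_t *icmp, size_t len, struct in_addr from,
                   struct portunr **list)
{
    if (len < 8 + 20 || icmp[0] != 3) return -1;
    const uint8_t *ip = icmp + 8;               /* quoted IP header */
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20 || len < 8 + ihl + 4 ||
        (ip[9] != 6 && ip[9] != 17))            /* IPv4, TCP or UDP, both ports */
        return -1;
    struct portunr *n = malloc(sizeof *n);
    if (n == NULL) return -1;
    n->portno = (uint16_t)((ip[ihl + 2] << 8) | ip[ihl + 3]);  /* quoted dport */
    n->address = from;                          /* who sent the ICMP error */
    n->next = *list;
    *list = n;
    return icmp[1];
}

/* Fetch the entry for a port flagged unreachable, or NULL. */
const struct portunr *find_unreach(const struct portunr *l, uint16_t portno)
{
    while (l != NULL && l->portno != portno)
        l = l->next;
    return l;
}

int main(void)
{
    struct in_addr from = { htonl(0xC0A80001) };  /* 192.168.0.1, constructed */
    struct portunr *list = NULL;
    int code = record_unreach(sample_unreach, sizeof sample_unreach, from, &list);
    return !(code == 13 && find_unreach(list, 13) != NULL);  /* 0 on success */
}
```

Comparing the stored `address` with the scan target decides whether the "from 192.168.0.1" form of the output line applies.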