Nmap Development mailing list archives
solaris rate-limiting RST,ACK (SYN scan)
From: Martin Mačok <martin.macok () underground cz>
Date: Wed, 19 Jan 2005 11:43:21 +0100
Today, I have come across a Solaris 9 box which rate-limits RST,ACK packets (the response to a SYN probe against a closed port). SYN,ACK packets are NOT rate-limited. The box should be in default setup (no firewall, no special tuning).

This leads to very slow port scanning even on a local network (though limiting retransmissions and max scan delay helps a bit but leads to many closed ports/other filtered in the result).

My idea to fix this is implementing an optional SYN scan variant that (1) does not distinguish between closed and filtered ports and (2) does not change timing/retrans values when (not) getting RST,ACK (late or if ever). I.e. it would just catch open ports and report others as "closed|filtered". Something like "-sS --find_open_ports_only" ...

Any comments?

Martin Mačok
ICT Security Consultant