Nmap Development mailing list archives

Re: [Exp PATCH] Call port closed in any protocol with ICMP Port Unreach

From: Fyodor <fyodor () insecure org>
Date: Sun, 4 Feb 2007 17:03:45 -0800

On Sun, Feb 04, 2007 at 06:36:42PM -0600, Kris Katterjohn wrote:

The attached patch (/nmap-exp/kris SVN r4472) makes it so that if we get
an ICMP Port Unreachable from the target host involving any protocol
that we call the port closed. The SVN log:


Hi Kris.  Despite what the RFCs say, I think that when we receive an
ICMP port unreachable message in response to a TCP query, that ICMP
unreachable packet was generally sent by a firewall or other filtering
device as opposed to the end host.  But I could be wrong.  Have you
found any target IPs which respond in this fashion?  If so, I think it
is worth investigating whether the packets are produced by firewall
software (either running on the destination host, or in front of it),
or if the destination host sends these responses rather than a RST for
some reason.  If you haven't seen this happen, then I think we should
hold off on making any such changes to /nmap until we have some
empirical data.

Cheers,
Fyodor

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Current thread:

[Exp PATCH] Call port closed in any protocol with ICMP Port Unreach Kris Katterjohn (Feb 04)
- Re: [Exp PATCH] Call port closed in any protocol with ICMP Port Unreach Fyodor (Feb 04)
  - Re: [Exp PATCH] Call port closed in any protocol with ICMP Port Unreach Kris Katterjohn (Feb 04)
    - Re: [Exp PATCH] Call port closed in any protocol with ICMP Port Unreach Fyodor (Feb 04)
    - Re: [Exp PATCH] Call port closed in any protocol with ICMP Port Unreach Kris Katterjohn (Feb 04)
  - Re: [Exp PATCH] Call port closed in any protocol with ICMP Port Unreach Jan Engelhardt (Feb 05)