Nmap Development mailing list archives
Re: [Exp PATCH] Call port closed in any protocol with ICMP Port Unreach
From: Fyodor <fyodor () insecure org>
Date: Sun, 4 Feb 2007 17:03:45 -0800
On Sun, Feb 04, 2007 at 06:36:42PM -0600, Kris Katterjohn wrote:
The attached patch (/nmap-exp/kris SVN r4472) makes it so that if we get an ICMP Port Unreachable from the target host involving any protocol that we call the port closed. The SVN log:
Hi Kris. Despite what the RFCs say, I think that when we receive an ICMP port unreachable message in response to a TCP query, that ICMP unreachable packet was generally sent by a firewall or other filtering device as opposed to the end host. But I could be wrong. Have you found any target IPs which respond in this fashion? If so, I think it is worth investigating whether the packets are produced by firewall software (either running on the destination host, or in front of it), or if the destination host sends these responses rather than a RST for some reason. If you haven't seen this happen, then I think we should hold off on making any such changes to /nmap until we have some empirical data. Cheers, Fyodor _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [Exp PATCH] Call port closed in any protocol with ICMP Port Unreach Kris Katterjohn (Feb 04)
- Re: [Exp PATCH] Call port closed in any protocol with ICMP Port Unreach Fyodor (Feb 04)
- Re: [Exp PATCH] Call port closed in any protocol with ICMP Port Unreach Kris Katterjohn (Feb 04)
- Re: [Exp PATCH] Call port closed in any protocol with ICMP Port Unreach Fyodor (Feb 04)
- Re: [Exp PATCH] Call port closed in any protocol with ICMP Port Unreach Kris Katterjohn (Feb 04)
- Re: [Exp PATCH] Call port closed in any protocol with ICMP Port Unreach Kris Katterjohn (Feb 04)
- Re: [Exp PATCH] Call port closed in any protocol with ICMP Port Unreach Jan Engelhardt (Feb 05)
- Re: [Exp PATCH] Call port closed in any protocol with ICMP Port Unreach Fyodor (Feb 04)