Nmap Development mailing list archives
Re: [Exp PATCH] Call port closed in any protocol with ICMP Port Unreach
From: Fyodor <fyodor () insecure org>
Date: Sun, 4 Feb 2007 18:30:13 -0800
On Sun, Feb 04, 2007 at 07:53:13PM -0600, Kris Katterjohn wrote:

> Does this not test to see if this packet is coming from the host and not a separate device?

Well, the problem is that the firewalls often forge the source address so it looks like the packets are coming from the machine you are targeting. Or the firewalls can be systems such as iptables which actually are running on the target host itself, so they don't have to forge packets at all. So determining what is really going on requires TTL checking and similar advanced investigations.

Of course these firewalls sometimes forge RST packets, which gives Nmap the opposite problem.

But like I said, I'm open to the change if you find that a significant number of hosts (not firewall software) send icmp-port-unreach responses to TCP probes.

Cheers,
-F
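The reasoning in the reply above, as an added example written for this archive page (it is not Nmap's code and not part of the thread): a small classifier for answers to a TCP SYN probe that keeps the conservative rule the thread argues for (an ICMP port-unreachable answering a TCP probe is reported as "filtered", not "closed") and adds the kind of TTL check Fyodor mentions. The `Response` record, the `hop_distance` guess based on the conventional initial TTLs 64, 128 and 255, and the sample responses are all constructed for this example. The check only flags an ICMP answer whose hop distance disagrees with the target's own TCP replies; as the reply notes, a host-local firewall such as iptables on the target produces consistent TTLs and passes this check, so the state stays "filtered" in every ICMP case.

```python
"""Classify responses to a TCP SYN probe with a TTL-consistency check.

Added example, not Nmap code. The Response type, the hop-distance
heuristic and the sample data below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Response:
    kind: str            # "tcp" or "icmp"
    src: str             # source address seen on the wire
    ttl: int             # IP TTL as received
    flags: str = ""      # TCP flags, e.g. "SA" (SYN/ACK) or "RA" (RST/ACK)
    icmp_type: int = -1  # ICMP type when kind == "icmp"
    icmp_code: int = -1  # ICMP code when kind == "icmp"


def hop_distance(ttl: int) -> Optional[int]:
    """Estimate hops travelled by assuming the nearest conventional
    initial TTL (64, 128 or 255). Normalising to hops lets an ICMP error
    sent with initial TTL 255 be compared with TCP sent with 64.
    The guess is ambiguous for paths longer than 64 hops, which is rare."""
    for initial in (64, 128, 255):
        if ttl <= initial:
            return initial - ttl
    return None  # a TTL above 255 cannot occur in a valid IP header


def baseline_hops(target: str, responses: List[Response]) -> Optional[int]:
    """Hop distance of the target's own TCP replies, used as the reference
    the ICMP answers are compared against. None if no TCP reply was seen."""
    for r in responses:
        if r.kind == "tcp" and r.src == target:
            return hop_distance(r.ttl)
    return None


def classify(target: str, resp: Optional[Response],
             baseline: Optional[int] = None) -> Tuple[str, str]:
    """Return (port_state, note) for one probe response.

    TCP SYN/ACK -> open, TCP RST -> closed, no answer -> filtered.
    ICMP unreachable -> filtered (never closed for a TCP probe), with a
    note when the sender or its hop distance does not match the target."""
    if resp is None:
        return ("filtered", "no response")
    if resp.kind == "tcp":
        if "S" in resp.flags and "A" in resp.flags:
            return ("open", "SYN/ACK")
        if "R" in resp.flags:
            return ("closed", "RST")
        return ("unknown", "unexpected TCP flags %r" % resp.flags)
    if resp.kind == "icmp" and resp.icmp_type == 3:
        note = "ICMP unreachable code %d" % resp.icmp_code
        if resp.src != target:
            # An intermediate device answered under its own address.
            note += " from %s, not the target" % resp.src
        elif baseline is not None:
            hops = hop_distance(resp.ttl)
            if hops is not None and hops != baseline:
                # Same source address, different path length: consistent
                # with a device in front of the target forging the source.
                note += ("; hop distance %d differs from the host's TCP "
                         "replies (%d), likely an intermediate device"
                         % (hops, baseline))
        return ("filtered", note)
    return ("unknown", "unhandled response kind %r" % resp.kind)


def run_demo() -> List[Tuple[int, str, str]]:
    """Classify a constructed set of probe answers for one target."""
    target = "10.0.0.5"  # constructed address
    seen = [
        Response("tcp", target, ttl=58, flags="SA"),                  # port 22
        Response("tcp", target, ttl=58, flags="RA"),                  # port 23
        Response("icmp", target, ttl=253, icmp_type=3, icmp_code=3),  # port 25
        Response("icmp", target, ttl=58, icmp_type=3, icmp_code=3),   # port 80
        None,                                                         # port 443
    ]
    base = baseline_hops(target, [r for r in seen if r is not None])
    return [(port, *classify(target, r, base))
            for port, r in zip((22, 23, 25, 80, 443), seen)]


if __name__ == "__main__":
    for port, state, note in run_demo():
        print("%5d  %-9s %s" % (port, state, note))
```

The port-25 answer carries the target's address but arrives two hops away instead of six, which is the forged-source case; the port-80 answer is indistinguishable from an on-host reject, so both are reported as filtered and only the note differs.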
Current thread:
- [Exp PATCH] Call port closed in any protocol with ICMP Port Unreach Kris Katterjohn (Feb 04)
- Re: [Exp PATCH] Call port closed in any protocol with ICMP Port Unreach Fyodor (Feb 04)
- Re: [Exp PATCH] Call port closed in any protocol with ICMP Port Unreach Kris Katterjohn (Feb 04)
- Re: [Exp PATCH] Call port closed in any protocol with ICMP Port Unreach Fyodor (Feb 04)
- Re: [Exp PATCH] Call port closed in any protocol with ICMP Port Unreach Kris Katterjohn (Feb 04)
- Re: [Exp PATCH] Call port closed in any protocol with ICMP Port Unreach Kris Katterjohn (Feb 04)
- Re: [Exp PATCH] Call port closed in any protocol with ICMP Port Unreach Jan Engelhardt (Feb 05)
- Re: [Exp PATCH] Call port closed in any protocol with ICMP Port Unreach Fyodor (Feb 04)