Re: EACCES on connect

[David Fifield <david () bamsoftware com>]

On Thu, Aug 30, 2007 at 12:02:47AM -0700, Fyodor wrote:
> On Thu, Aug 30, 2007 at 12:48:15AM -0600, David Fifield wrote:
> > I suspect that his OS (Mac OS X) is not allowing him to ping broadcast
> > addresses and connect is returning EACCES. Is this right, or has anyone
> > else seen this? If so, we should add a case for EACCES and not mark the
> > host up.
>
> Yes, I think that is somewhast common.  My Linux box gives a different
> error ("Network is unreachable").  I agree the we should add a case
> for EACCES and not mark the host up.  Ideally we should avoid this
> probe being retransmitted too.  If there are probes to other ports, it
> might be best if we can keep those just in case only this one port is
> blocked (e.g. the machine may be configured to block outgoing requests
> to ports such as 25).  And if those other probes are similarly
> blocked, they should go super quick.  Obviously timing should not be
> updated based on these.  If it is easier just to mark the whole target
> IP as down when you see the EACCESS, that is OK with me too.  In the
> vast majority of cases, the IP will end up being marked as down
> anyway, I imagine.

Okay. The host is marked down. Any other outstanding probes will still
be processed, but no more probes will be sent.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org