Nmap Development mailing list archives
RE: Deny/Reject patch
From: "Ofir Arkin" <ofir () sys-security com>
Date: Wed, 24 Oct 2001 23:23:56 +0200
Why not mapping the type and codes and just writing down the exact error message? Here are the exact type/code pairs: Type 3 Destination Unreachable Code List: 0 Net Unreachable 1 Host Unreachable 2 Protocol Unreachable 3 Port Unreachable 4 Fragmentation Needed and Don't Fragment was Set 5 Source Route Failed 6 Destination Network Unknown 7 Destination Host Unknown 8 Source Host Isolated 4 9 Communication with Destination Network is Administratively Prohibited 5 10 Communication with Destination Host is Administratively Prohibited 6 11 Destination Network Unreachable for Type of Service. 12 Destination Host Unreachable for Type of Service. 13 Communication Administratively Prohibited. 14 Host Precedence Violation 15 Precedence cutoff in effect Hope this helps. Ofir Arkin [ofir () sys-security com] Founder The Sys-Security Group http://www.sys-security.com PGP CC2C BE53 12C6 C9F2 87B1 B8C6 0DFA CF2D D360 43FA -----Original Message----- From: Guillaume Valadon [mailto:guillaume () valadon net] Sent: ד 24 אוקטובר 2001 22:29 To: nmap-dev () insecure org Subject: Deny/Reject patch Hi, As seen in pen-test mailing list severals weeks ago some people find it usefull to know the kind of icmp unreachable we eventually got in response. Fyodor said it was easy to add this feature to nmap so there it is. (it may be ugly as i didn't nmap sources very well ...). # ./nmap -sS pouet -p 3 Starting nmap V. 2.54BETA29 ( www.insecure.org/nmap/ ) Interesting ports on pouet (1.2.3.4): Port State Service 3/tcp unr. (code 1) compressnet Nmap run completed -- 1 IP address (1 host up) scanned in 1 second It doesn't work for none root port scans types as the "only" way to know we got an icmp is to view it with a pcap. In fact, i made it "works" with linux and connect scan, quoting an old fyodor's paper: "While non-root users can't read port unreachable errors directly, Linux is cool enough to inform the user indirectly when they have been received." I became totally mad with my BSD before reading this two lines ... By the way, I have a question : why the lamer udp scan is gone ? To conclude this mail, i want to start a talk about the utility to fingerprints system with these icmp unreachable (if we got them, let's use them, it can't kill us), i worked a little on this topic and i still think it can "easily" be done. @+ -- mailto:guillaume () valadon net ICQ uin : 1752110 Page ouebe : http://guillaume.valadon.net "Everybody be cool. You be cool" - Seth Gecko --------------------------------------------------------------------- For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
Current thread:
- Deny/Reject patch Guillaume Valadon (Oct 24)
- RE: Deny/Reject patch Ofir Arkin (Oct 24)
- Re: Deny/Reject patch Fyodor (Oct 24)
- RE: Deny/Reject patch Ofir Arkin (Oct 24)
- Re: Deny/Reject patch Guillaume Valadon (Oct 25)