Nmap Development mailing list archives

RE: Deny/Reject patch


From: "Ofir Arkin" <ofir () sys-security com>
Date: Wed, 24 Oct 2001 23:23:56 +0200

Why not map the type and codes and just write down the exact error
message?

Here are the exact type/code pairs:

Type 3 Destination Unreachable

Code List:
0 Net Unreachable
1 Host Unreachable
2 Protocol Unreachable
3 Port Unreachable
4 Fragmentation Needed and Don't Fragment was Set
5 Source Route Failed
6 Destination Network Unknown
7 Destination Host Unknown
8 Source Host Isolated
9 Communication with Destination Network is Administratively Prohibited
10 Communication with Destination Host is Administratively Prohibited
11 Destination Network Unreachable for Type of Service.
12 Destination Host Unreachable for Type of Service.
13 Communication Administratively Prohibited.
14 Host Precedence Violation
15 Precedence cutoff in effect

Hope this helps.

Ofir Arkin [ofir () sys-security com]
Founder
The Sys-Security Group
http://www.sys-security.com
PGP CC2C BE53 12C6 C9F2 87B1 B8C6 0DFA CF2D D360 43FA


-----Original Message-----
From: Guillaume Valadon [mailto:guillaume () valadon net] 
Sent: Wednesday, 24 October 2001 22:29
To: nmap-dev () insecure org
Subject: Deny/Reject patch

Hi,

As seen on the pen-test mailing list several weeks ago, some people find it
useful to know the kind of ICMP unreachable we eventually got in
response.

Fyodor said it was easy to add this feature to nmap so there it is. (it
may be ugly as i didn't nmap sources very well ...).

# ./nmap -sS pouet -p 3

Starting nmap V. 2.54BETA29 ( www.insecure.org/nmap/ )
Interesting ports on pouet (1.2.3.4):
Port       State          Service
3/tcp      unr. (code 1)  compressnet             


Nmap run completed -- 1 IP address (1 host up) scanned in 1 second


It doesn't work for non-root port scan types as the "only" way to know
we got an ICMP is to view it with a pcap. In fact, I made it "work"
with Linux and connect scan, quoting an old Fyodor paper:

"While non-root users can't read port unreachable errors directly, Linux
is cool enough to inform the user indirectly when they have been
received."

I became totally mad with my BSD before reading these two lines ...

By the way, I have a question: why is the lamer UDP scan gone?

To conclude this mail, I want to start a talk about the utility of
fingerprinting systems with these ICMP unreachables (if we got them, let's
use them, it can't kill us). I worked a little on this topic and I still
think it can "easily" be done.

@+
-- 
mailto:guillaume () valadon net
ICQ uin : 1752110

Web page : http://guillaume.valadon.net

     "Everybody be cool. You be cool" - Seth Gecko


---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to
nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
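
As an added example (not part of the original thread and not Nmap's code), this C sketch shows how the type 3 code from the list above can be tied back to the probed port: the error quotes the original IP header plus the first 8 bytes of the probe, which hold the destination port. The struct and function names are hypothetical, the packet bytes are constructed, and the ICMP checksum is not verified.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* ICMP type 3 code names, as listed in the message above. */
static const char *const unreach_names[16] = {
    "Net Unreachable", "Host Unreachable", "Protocol Unreachable",
    "Port Unreachable", "Fragmentation Needed and Don't Fragment was Set",
    "Source Route Failed", "Destination Network Unknown",
    "Destination Host Unknown", "Source Host Isolated",
    "Communication with Destination Network is Administratively Prohibited",
    "Communication with Destination Host is Administratively Prohibited",
    "Destination Network Unreachable for Type of Service",
    "Destination Host Unreachable for Type of Service",
    "Communication Administratively Prohibited",
    "Host Precedence Violation", "Precedence cutoff in effect"
};

/* Hypothetical result type: the probe that an unreachable error refers to. */
struct unreach_info { uint8_t code, proto; uint16_t dport; const char *name; };

/* p points at the ICMP header. Returns 0 on success, or -1 if the buffer is
 * not a well-formed type 3 message quoting an IPv4 TCP or UDP datagram. */
int parse_unreach(const uint8_t *p, size_t len, struct unreach_info *out)
{
    if (len < 8 + 20 || p[0] != 3) return -1;   /* ICMP hdr + minimal IPv4 hdr */
    const uint8_t *ip = p + 8;                  /* quoted original datagram */
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;    /* IP header length, options included */
    if ((ip[0] >> 4) != 4 || ihl < 20 || len < 8 + ihl + 4) return -1;
    if (ip[9] != 6 && ip[9] != 17) return -1;   /* only TCP (6) and UDP (17) have ports */
    out->code  = p[1];
    out->proto = ip[9];
    out->dport = (uint16_t)((ip[ihl + 2] << 8) | ip[ihl + 3]);
    out->name  = p[1] < 16 ? unreach_names[p[1]] : "unknown code";
    return 0;
}

/* Constructed sample: code 1 (Host Unreachable) quoting a TCP probe to port 3. */
static const uint8_t sample[] = {
    3, 1, 0, 0, 0, 0, 0, 0,                    /* ICMP: type, code, cksum, unused */
    0x45, 0, 0, 40, 0, 0, 0, 0, 64, 6, 0, 0,   /* IPv4: version/IHL ... proto = 6 */
    10, 0, 0, 1, 1, 2, 3, 4,                   /* src 10.0.0.1, dst 1.2.3.4 */
    0xc0, 0x00, 0x00, 0x03, 0, 0, 0, 0         /* TCP: sport 49152, dport 3, seq */
};

int main(void)
{
    struct unreach_info u;
    if (parse_unreach(sample, sizeof sample, &u) == 0)
        printf("%u/%s unr. (code %u: %s)\n", u.dport, u.proto == 6 ? "tcp" : "udp", u.code, u.name);
    return 0;
}
```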


