Nmap Development mailing list archives
Deny/Reject patch again !
From: Guillaume Valadon <guillaume () valadon net>
Date: Mon, 29 Oct 2001 23:32:34 +0100
Hi guys,
I tried to put all the good ideas you sent into nmap, but I had a few
problems. It works for me, but I don't like the way it is.
First, I don't know exactly where to store the source IP address of the
received ICMP packet. I added an address field to the "struct port", OK
it works but it's ugly ...
It would be cool if we could store those IPs in another structure like:
struct portunr
{
    u16 portno;              /* port that drew the ICMP unreachable */
    struct in_addr address;  /* source IP of the ICMP packet */
    struct portunr *next;
};
If a port is flagged as unreachable we can fetch the IP address in this
list.
On the other hand, the output made me crazy.
If we receive an icmp from a host different from the destination of the
scan :
1/tcp Port Unr. from 192.168.0.1 tcpmux
If it's the same:
1/tcp Port Unr. tcpmux
Those code descriptions are too big ...
9/tcp Dst Net Admin. prohibited discard
10/tcp Dst Host Admin. prohibited unknown
13/tcp Com. Admin prohibited daytime
Do you have ideas for the output ?
I didn't manage to have something sexy.
Finally, nmap seems to be very strict about the codes of ICMP unreachable
packets it can receive. It only accepts codes 0, 1, 2, 3, 9, 10 & 13. Is
there a good reason to only accept those codes ?
Moreover there is something weird. I played with my ipfilter and its
return-icmp and "bound" an ICMP unreachable to a TCP port in order to
test the patch output :*)
block return-icmp(net-unr) in log quick on ed0 proto tcp from any to 192.168.0.3 port = 1
block return-icmp(host-unr) in log quick on ed0 proto tcp from any to 192.168.0.3 port = 2
block return-icmp(port-unr) in log quick on ed0 proto udp from any to 192.168.0.3 port = 3
block return-icmp(needfrag) in log quick on ed0 proto tcp from any to 192.168.0.3 port = 4
...
./nmap -P0 -sS spooky -p1-15
[ cut output about unexpected icmp codes ]
Interesting ports on spooky.county.er (192.168.0.3):
(The 1 port scanned but not shown below is in state: closed)
Port State Service
1/tcp Net Unr. tcpmux
2/tcp Host Unr. compressnet
3/tcp Port Unr. compressnet
4/tcp filtered unknown
5/tcp filtered rje
6/tcp filtered unknown
7/tcp filtered echo
8/tcp filtered unknown
9/tcp Dst Net Admin. prohibited discard
10/tcp Dst Host Admin. prohibited unknown
11/tcp filtered systat
12/tcp filtered unknown
13/tcp Com. Admin prohibited daytime
14/tcp filtered unknown
Ok, filtered is good.
But with a super scan:
# ./nmap -P0 -sX spooky -p1-15
Starting nmap V. 2.54BETA29 ( www.insecure.org/nmap/ )
Interesting ports on spooky.county.er (192.168.0.3):
(The 1 port scanned but not shown below is in state: closed)
Port State Service
1/tcp Net Unr. tcpmux
2/tcp Host Unr. compressnet
3/tcp Port Unr. compressnet
4/tcp open unknown
5/tcp open rje
6/tcp open unknown
7/tcp open echo
8/tcp open unknown
9/tcp Dst Net Admin. prohibited discard
10/tcp Dst Host Admin. prohibited unknown
11/tcp open systat
12/tcp open unknown
13/tcp Com. Admin prohibited daytime
14/tcp open unknown
Those ports are not filtered, I think that it's a bug ...
What should we do ? 'Support' more icmp codes ?
@+
guillaume
--
mailto:guillaume () valadon net
ICQ uin : 1752110
Web page: http://guillaume.valadon.net
"Coding is like sex, it's dirty when it's good." - me :*)

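A sketch of the side list proposed in the message, as an added example that is not part of the original post or of nmap's code: it records the ICMP sender per port and names it in the state column only when it differs from the scan target. The `code` field, the short labels and the function names are assumptions of this example, and the addresses in `main` are constructed.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Side list from the post; the code field is this example's assumption. */
struct portunr {
    uint16_t portno;
    uint8_t code;            /* ICMP type 3 (unreachable) code */
    struct in_addr address;  /* source IP of the ICMP packet */
    struct portunr *next;
};

/* Short, hypothetical state labels for the codes listed in the post. */
static const char *unr_label(uint8_t code) {
    static const char *names[16] = {
        [0] = "net-unr", [1] = "host-unr", [2] = "proto-unr", [3] = "port-unr",
        [9] = "net-prohib", [10] = "host-prohib", [13] = "admin-prohib" };
    return (code < 16 && names[code]) ? names[code] : "unr-other";
}

/* Record who sent the unreachable for a port; 0 on success, -1 on error. */
static int portunr_add(struct portunr **head, uint16_t port, uint8_t code, const char *src) {
    struct portunr *n = calloc(1, sizeof *n);
    if (!n || inet_pton(AF_INET, src, &n->address) != 1) { free(n); return -1; }
    n->portno = port; n->code = code; n->next = *head; *head = n;
    return 0;
}

/* Fill the state column; returns 0 when the port is not in the list. */
static int portunr_state(const struct portunr *l, uint16_t port,
                         const char *target, char *out, size_t len) {
    struct in_addr t; char ip[INET_ADDRSTRLEN];
    if (inet_pton(AF_INET, target, &t) != 1) return 0;
    while (l && l->portno != port) l = l->next;
    if (!l) return 0;                 /* no unreachable seen for this port */
    inet_ntop(AF_INET, &l->address, ip, sizeof ip);
    if (l->address.s_addr == t.s_addr) snprintf(out, len, "%s", unr_label(l->code));
    else snprintf(out, len, "%s from %s", unr_label(l->code), ip);
    return 1;
}

int main(void) {
    struct portunr *l = NULL; char s[64];
    portunr_add(&l, 1, 3, "192.168.0.1");   /* constructed: sent by another host */
    if (portunr_state(l, 1, "192.168.0.3", s, sizeof s)) printf("1/tcp %s\n", s);
    return 0;
}
```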