Re: feature suggestion: --udp_reliable

[Fyodor <fyodor () insecure org>]

On Fri, Nov 22, 2002 at 11:52:35PM -0800, Florin Andrei wrote:
> That's why i think it would be useful to have an option to mark
> unresponsive UDP ports as "filtered", just the same as the ports that
> send back port-unreachable, and mark "open" only the ports that actually
> send back a UDP reply.

The problem with this is that most open UDP ports do NOT send back any
reply to the 0-byte UDP packet.  So "filtered" ports that do not send
back an ICMP administratively-prohibited erro look just like open
ports.  In that case, I would usually rather err on the side of
reporting filtered ports as open.  That is usually less dangerous than
giving people false assurance that all their ports are "filtered".
Perhaps I should add an "unknown" state.  At some point, Nmap may
provide an option to spend a bunch of application-specific UDP
packets.    That would help coax out resposes, and those responses
would tell not only that the port is open but what application service
is running.

Cheers,
-F


---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).