Nmap Development mailing list archives
Re[2]: feature suggestion: --udp_reliable
From: Bo Cato <jcato73 () comcast net>
Date: Fri, 29 Nov 2002 02:07:34 -0500
Another solution would be to have nmap simply state if it has seen any icmp unreacheables from the ip it's scanning as part of verbose. Example: Starting nmap V. 3.TheAlphaNeverEnds ( www.insecure.org/nmap ) Host NINJA (192.168.0.236) appears to be up ... good. Initiating SYN Stealth Scan against NINJA (192.168.0.236) Adding open port 135/tcp Adding open port 445/tcp Adding open port 139/tcp The SYN Stealth Scan took 9 seconds to scan 1024 ports. Initiating UDP Scan against NINJA (192.168.0.236) The UDP Scan took 11 seconds to scan 1024 ports. Adding open port 445/udp Adding open port 500/udp Adding open port 138/udp Adding open port 137/udp Adding open port 135/udp Interesting ports on NINJA (192.168.0.236): (The 2040 ports scanned but not shown below are in state: closed) Port State Service 135/tcp open loc-srv 135/udp open loc-srv 137/udp open netbios-ns 138/udp open netbios-dgm 139/tcp open netbios-ssn 445/tcp open microsoft-ds 445/udp open microsoft-ds 500/udp open isakmp I saw ICMP unreachables from the host! Nmap run completed -- 1 IP address (1 host up) scanned in 20 seconds Or if no ICMP unreachables were seen.. "I did not see any ICMP unreachables from the host!" Or perhaps have nmap indicate by default (not needing to ask it to be -verbose) when ever you scan for udp if it has seen any ICMP unreachables or not. Like so: Starting nmap V. 3.StableDueIn3YearsOrSo. ( www.insecure.org/nmap ) Interesting ports on NINJA (192.168.0.236): (The 2040 ports scanned but not shown below are in state: closed) Port State Service 135/tcp open loc-srv 135/udp open loc-srv 137/udp open netbios-ns 138/udp open netbios-dgm 139/tcp open netbios-ssn 445/tcp open microsoft-ds 445/udp open microsoft-ds 500/udp open isakmp ICMP Unreachables detected from this host. Nmap run completed -- 1 IP address (1 host up) scanned in 19 seconds --Bo RA> Fyodor wrote:
On Fri, Nov 22, 2002 at 11:52:35PM -0800, Florin Andrei wrote:That's why i think it would be useful to have an option to mark unresponsive UDP ports as "filtered", just the same as the ports that send back port-unreachable, and mark "open" only the ports that actually send back a UDP reply.The problem with this is that most open UDP ports do NOT send back any reply to the 0-byte UDP packet. So "filtered" ports that do not send back an ICMP administratively-prohibited erro look just like open ports. In that case, I would usually rather err on the side of reporting filtered ports as open. That is usually less dangerous than
RA> I was thinking about this the other day, there should be an option (e.g. RA> --clarify) to clarify every state. Like this: RA> filtered (no response) RA> open (no response) RA> open (SYNACK recieved) RA> closed (RST recieved) RA> closed (ICMP port unreachable recieved) RA> firewalled (ICMP unreachable recieved from intermediate router) RA> ...and so on, for every state in every scan type. I'll try writing it up RA> if I get the time. If anyone else wants to do it, please do! RA> --------------------------------------------------------------------- RA> For help using this (nmap-dev) mailing list, send a blank email to RA> nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org). -- Best regards, Bo mailto:jcato73 () comcast net --------------------------------------------------------------------- For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
Current thread:
- feature suggestion: --udp_reliable Florin Andrei (Nov 22)
- Re: feature suggestion: --udp_reliable Fyodor (Nov 23)
- Re: feature suggestion: --udp_reliable R Anderson (Nov 24)
- Re[2]: feature suggestion: --udp_reliable Bo Cato (Nov 28)
- Re: feature suggestion: --udp_reliable R Anderson (Nov 29)
- Re: feature suggestion: --udp_reliable Rasmus Andersson (Nov 29)
- Re: feature suggestion: --udp_reliable R Anderson (Nov 24)
- Re: feature suggestion: --udp_reliable Fyodor (Nov 23)