Nmap Development mailing list archives
Re: [updated patch] Re: fragment scan got broken between 3.50 and 3.75
From: Martin Mačok <martin.macok () underground cz>
Date: Mon, 31 Jan 2005 10:36:51 +0100
On Sun, Jan 30, 2005 at 08:03:30PM -0800, Fyodor wrote:
> CONNECT-closedfiltered - I'm not sure how common this API response is among platforms and it may confuse users.
OK, I will test it on other OS's and if all behaves the same, I will push this patch again.
> defeat_ICMP_ratelimit - This will certainly speed things up, but there is a risk of decreasing accuracy.
1) Nmap-3.7x with this patch is not less accurate than stock Nmap-3.5x.

2) Nmap-3.7x without this patch is far too slow against rate-limited ICMP DU (1 port costs 1 second), while Nmap-3.5x is fast (in my opinion, Nmap-3.7x is almost unusable because of this behaviour - it is *seconds* with 3.5x versus *hours* with 3.7x while getting the same results in both cases).

3) Rate-limited ICMP DU is common (almost every TCP/IP stack except Microsoft Windows implements it) and RFC-recommended behaviour.

I don't see the risk, and even if there theoretically is one, that kind of slowness is not worth it IMHO. I could implement something along the lines of "--do_not_defeat_ICMP_ratelimit" though...
> detect_TARPIT - This is a very cool technique, but I'm not sure it belongs in the core distribution. For example, sometimes you might want to scan tarpits.
Then you would use -P0 or -PU, -PE, -PP, -PM ... because only -PS or -PA detects a tarpit (and only when it runs against a tarpitted port, i.e. non-open or non-closed). I could implement "--scan_tarpits" though...
> If it just printed a note in verbose mode about potentially tarpitted hosts, that might be better.
OK, in my TODO list.

Martin Mačok
ICT Security Consultant

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List archive: http://seclists.org
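The speed/accuracy trade-off argued over in this message (one rate-limited ICMP Destination Unreachable per second makes every closed port cost about a second, while skipping the wait risks misreporting closed ports) can be made concrete with a small discrete-event model. The following is an added example, not code from Nmap or from the patch under discussion; the token-bucket limiter, the sequential "probe, wait for DU, retry" scanner and all timing values (1 DU/s, 10 ms RTT, 500 ms probe timeout) are assumptions chosen to illustrate the mechanism, and real Nmap's probe scheduling differs from this model.

```python
"""Discrete-event model of how target-side ICMP rate limiting (an RFC 1812
recommendation, e.g. Linux icmp_ratelimit) governs the time a sequential UDP
port scan needs to classify closed ports. Constructed illustration, not code
from Nmap or from the patch discussed in the thread; the scanner model and
all timing parameters are assumptions."""

from collections import Counter


class IcmpRateLimiter:
    """Token bucket for ICMP Destination Unreachable (DU) replies.

    `burst` tokens are available at once and one token is refilled every
    `interval` seconds; a DU is only sent when a token can be spent.
    The defaults model roughly one DU per second, the rate the thread
    observes as "1 port costs 1 second".
    """

    def __init__(self, interval: float = 1.0, burst: int = 1) -> None:
        self.interval = interval
        self.burst = burst
        self.tokens = float(burst)
        self.last = 0.0

    def allow(self, now: float) -> bool:
        # Refill proportionally to elapsed simulated time, capped at `burst`.
        self.tokens = min(float(self.burst),
                          self.tokens + (now - self.last) / self.interval)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def scan_closed_ports(n_ports: int, limiter, rtt: float = 0.01,
                      timeout: float = 0.5, max_tries: int = 3):
    """Simulate probing `n_ports` ports that are all closed on the target.

    The (assumed) scanner sends one UDP probe at a time and needs an ICMP DU
    to call the port closed. If no DU arrives within `timeout` it retries,
    up to `max_tries` probes in total, then gives up and reports the port as
    "open|filtered". `limiter` is None for a host that answers every probe.
    Returns (elapsed_simulated_seconds, {port: state}).
    """
    now = 0.0
    results = {}
    for port in range(1, n_ports + 1):
        state = "open|filtered"
        for _ in range(max_tries):
            if limiter is not None and not limiter.allow(now):
                now += timeout   # DU suppressed: scanner waits out its timeout
                continue
            now += rtt           # DU arrives after one round trip
            state = "closed"
            break
        results[port] = state
    return now, results


def summarize(results: dict) -> Counter:
    """Count how many ports ended in each reported state."""
    return Counter(results.values())


if __name__ == "__main__":
    for label, limiter, tries in (
        ("no rate limit", None, 3),
        ("1 DU/s, wait for every DU", IcmpRateLimiter(), 3),
        ("1 DU/s, only two probes per port", IcmpRateLimiter(), 2),
    ):
        elapsed, res = scan_closed_ports(100, limiter, max_tries=tries)
        print(f"{label:34s} {elapsed:8.2f} s  {dict(summarize(res))}")
```

The first two rows reproduce the thread's numbers: without rate limiting 100 closed ports cost about one second in total, with a 1 DU/s limit they cost about a second each. The third row is the accuracy risk raised in the quoted reply: cutting the per-port probe budget halves the scan time but reports every other closed port as open|filtered. From the defender's side this is why the RFC-recommended limiter is worth keeping on: it is cheap for the host and turns closed-port enumeration from seconds into hours, and a burst of UDP probes followed by suppressed DUs is itself visible in the host's ICMP rate-limit counters.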