Nmap Development mailing list archives

Re: [updated patch] Re: fragment scan got broken between 3.50 and 3.75


From: Martin Mačok <martin.macok () underground cz>
Date: Tue, 1 Feb 2005 17:42:18 +0100

On Sun, Jan 30, 2005 at 08:03:30PM -0800, Fyodor wrote:

> CONNECT-closedflitered - I'm not sure how common this API response is
>                          among platforms and it may confuse users.

According to RFC 1122 (Requirements for Internet Hosts --
Communication Layers) the API should behave this way:

[..]
     A Destination Unreachable message that is received MUST be
     reported to the transport layer.  The transport layer SHOULD
     use the information appropriately; for example, see Sections
     4.1.3.3, 4.2.3.9, and 4.2.4 below.  A transport protocol
     that has its own mechanism for notifying the sender that a
     port is unreachable (e.g., TCP, which sends RST segments)
     MUST nevertheless accept an ICMP Port Unreachable for the
     same purpose.
[..]

P.S. Personally, I find it more confusing when CONNECT scan tells
"closed" and SYN scan tells "filtered" on the same port ...

Martin Mačok
ICT Security Consultant
