Nmap Development mailing list archives
OS determination - if only got 1 open port behind a tight firewall - a thought experiment
From: "Richard Braganza" <Richard.Braganza () insight co uk>
Date: Sat, 22 Oct 2005 13:15:36 +0100
Dear All,

Not sure if the following would work technically, let alone legally:

If you have access to a machine with only one port open and other ports screened by a firewall, would it be possible to determine the OS by simulating the 1 open and 1 closed port requirement of nmap by getting the single open port to be open and then be closed?

My thinking is to exceed the listen limit on the open socket, to create a port that is no longer open - I presume - it would become 'closed' - even if it was for a split second?

If I am correct and a socket that exceeds its listen count acts in a closed state, could nmap be made to do this?

I know this is DoS and may not be wanted as part of nmap development - or even if nmap can already do this - I have RTFM but did not see it.

Regards,
Richard