icmpprotohack question

["Eddie Bell" <ejlbell () gmail com>]

In scan_engine.cc at the bottom of get_pcap_results() there a block of code,
used in protocol scans, that seems to
set icmp as open if nmap receives any icmp packet.

I set up a firewall rule to drop all ICMP packets but nmap still says icmp
is open because it receives protocol unreachable
messages. Should the code not test the type of icmp message to determine if
icmp is open or closed? Surely receiving a
protocol unreachable message for icmp should automatically negate icmp from
being open

Have I missed something or does this seem wrong?

 - eddie


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev