Nmap Development mailing list archives
[PATCH] Reorder Traceroute UDP port selection
From: Kris Katterjohn <katterjohn () gmail com>
Date: Fri, 15 Feb 2008 08:22:03 -0600
Hey everyone! I've attached a patch to reorder --traceroute's UDP port selection.

Before, an open port was checked for, then a closed one, then filtered (if not TCP). The problem is the vast majority of the time a UDP port is considered open only because of version detection.. so when Traceroute sends a probe to an open port, it won't get a response back.
This patch makes it so that for UDP, it checks for closed, then open, then filtered. For everything else it's the way it was.
Consider this host:

PORT    STATE  SERVICE VERSION
111/udp open   rpcbind 2 (rpc #100000)
112/udp closed mcidas
113/udp closed auth

Port 111 is only open because I ran -sV against it (was open|filtered). So --traceroute, using the open port, doesn't get a response and results in this:

TRACEROUTE (using port 111/udp)
HOP RTT ADDRESS
! maximum TTL reached (50)

But with the patch, it uses the closed port first:

TRACEROUTE (using port 112/udp)
HOP RTT   ADDRESS
1   1.58  gateway (192.168.10.1)
<snip>
14  44.80 xhost (w.x.y.z)

Any comments or suggestions are appreciated.

Thanks,
Kris Katterjohn
Index: traceroute.cc =================================================================== --- traceroute.cc (revision 6837) +++ traceroute.cc (working copy) @@ -325,8 +325,8 @@ u16 open_port = 1; u16 closed_port = 1; u16 filtered_port = 1; - u16 state = 0; u16 port = 0; + int state = -1; struct Port *np; /* Use the first specified port for ping traceroutes */ @@ -347,21 +347,31 @@ open_port = (!scaninfo.open_response) ? 0 : 1; } - /* First we try to find an open port, if not we try to find a closed - * port and lastly we try to find a filtered port */ - if (open_port && t->ports.getStateCounts (proto, scaninfo.open_state)) - state = scaninfo.open_state; - else if (closed_port && t->ports.getStateCounts (proto, scaninfo.closed_state)) - state = scaninfo.closed_state; - else if (filtered_port && t->ports.getStateCounts (proto, PORT_FILTERED)) { + /* For UDP we try for a closed port, then an open one. For everything else + * we try the opposite. When all else fails, we try for filtered */ + if (proto == IPPROTO_UDP) { + if (closed_port && t->ports.getStateCounts (proto, scaninfo.closed_state)) + state = scaninfo.closed_state; + else if (open_port && t->ports.getStateCounts (proto, scaninfo.open_state)) + state = scaninfo.open_state; + } else { + if (open_port && t->ports.getStateCounts (proto, scaninfo.open_state)) + state = scaninfo.open_state; + else if (closed_port && t->ports.getStateCounts (proto, scaninfo.closed_state)) + state = scaninfo.closed_state; + } + + if (state == -1 && filtered_port && + t->ports.getStateCounts (proto, PORT_FILTERED)) { state = PORT_FILTERED; if (o.verbose) log_write (LOG_PLAIN, "%s: only filtered %s available, results may be incorrect\n", t->targetipstr (), o.ipprotscan ? "protocols" : "ports"); - } else { - return -1; } + if (state == -1) + return -1; + np = t->ports.nextPort (NULL, proto, state); if (!np) return -1;
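Review bot: in the first hunk (@@ -325,8 +325,8 @@), `int state = -1;` turns -1 into the "no state chosen yet" marker that the second hunk tests twice with `state == -1`, but the declaration has no comment saying so. A one-line comment on the declaration, or a named constant in place of the bare -1, would explain why the type moved from u16 to int. The value is later passed to `t->ports.nextPort (NULL, proto, state)`, whose parameter type is not visible in this diff, so it is worth checking that the int does not introduce a sign-conversion warning there.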
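Review bot: in the UDP branch of the second hunk (@@ -347,21 +347,31 @@), the fallback from `scaninfo.closed_state` to `scaninfo.open_state` can still pick a port that is open only because of version detection, which is the case the patch description says gets no response, and nothing is logged when that happens. The filtered fallback already warns under `o.verbose` that "results may be incorrect"; a similar `log_write` when UDP falls back to an open port would tell the user why the trace may run to the maximum TTL. As a style point, the two branches repeat the same pair of `getStateCounts` checks with only the order swapped, so picking a first and second state based on `proto == IPPROTO_UDP` and testing them once would remove the duplication.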