Re: nmap 5.21 sends protocol unreachable

[David Fifield <david () bamsoftware com>]

On Thu, Jan 28, 2010 at 07:38:50PM -0500, Derek wrote:
> I was actually thinking earlier today that maybe it was Windows sending
> the packet because it is not expecting the reply, so I then tried it on
> a Windows XP machine to see if it was a Windows thing. It seems to be a
> Windows 7 specific feature, because the Windows XP PC did NOT send an
> ICMP Protocol Unreachable message, in fact it didn't send any packet at
> all after receiving the unexpected reply. So with that being said, is
> it possible to forge echo, timestamp, or address mask replies to check
> for live hosts, not with nmap I know, but with some other network tool?
> If not, how difficult would it be to code such a feature into nmap or
> just as a stand alone program?

If Windows is responding with destination unreachables to
echo/timestamp/mask replies, then it is probably doing so with requests
too. (When you ping the Windows 7 computer do you get an echo reply or a
destination unreachable?) Unless it's dropping ICMP requests and only
sending unreachables for replies, then Nmap's usual ICMP pings will be
just as effective in this case and also more generally useful.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/