Nmap Development mailing list archives
Re: [Patch] --exclude-ports option for Nmap
From: Daniel Miller <bonsaiviking () gmail com>
Date: Wed, 18 Jun 2014 14:10:52 -0500
On Wed, Jun 18, 2014 at 10:01 AM, Jay Bosamiya <jaybosamiya () gmail com> wrote:
> Hi All!
>
> Attached is the patch for --exclude-ports option for Nmap. A discussion for it had occurred at [1] before. When coding it in, however, I realized that we should probably block even host discovery (ACK, SYN and such) if the user asks for it. The current patch takes care of such cases and shows relevant error messages (for example, try running "nmap --unprivileged -sn --exclude-ports 80,443"). I've also modified some error messages that were shown previously (when user gives invalid port specifications) so that it matches with --exclude-ports too. All tests that I ran on my machine passed.
>
> What I'm not so sure about is something like "nmap --exclude-ports 1-1000 {target}". With the current patch, it correctly shows a warning that it is skipping TCP ping scan (the reason is that 80 and 443 are excluded). This might seem like a nuisance to some since they might not care how host discovery is done (and that's why they left it at default). Should I rewrite the warning part so that it appears only if non default host discovery is done? Another possibility is that I could show the warning always (if non default) and only when -d is used (if default host). I personally think that this second method might be more useful, but I think this might require some thought.
>
> Feedback is welcome as always. :)
>
> Cheers,
> Jay
>
> Links:
> [1] http://seclists.org/nmap-dev/2014/q2/400
Jay,

There is a problem with the patch in handling exclusions of host discovery ports when --top-ports is given: excluded ports are still used in this case. This is because the exclusion is being handled by gettoppts (which does not affect ping ports) only, and not by removepts (which handles all port/protocol types). I think this can be fixed by removing the conditional on line 1558, and simply running removepts regardless. I have not tested that hypothesis, though, so you may come up with a better fix.

In general, though, your feature is looking good. I do think that the warning should be shown in all cases where an entire ping type is excluded, because otherwise we will get bug reports that Nmap is not detecting some host that they know is up (perhaps because it is blocking ICMP, and we excluded the available TCP ping ports).

An alternative to simply dropping the default TCP ping ports would be to choose them as the first-and-second-most popular ports after exclusions. This would have the advantage of not eliminating a host discovery type altogether, but it would mean a change to the way things currently work without --exclude-ports, since the 2 most-popular ports are 80 and 23 (443 is 3rd place). I only bring this up as a discussion point; please don't spend time implementing it, since it's not likely to be a desired feature.

Dan

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
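As an added illustration of the port-selection logic under discussion (written for this thread, not code from the patch or from Nmap), the Python model below applies --exclude-ports as a final step over both the scan list and the default TCP ping list, so that building the scan list from top ports cannot leave excluded ports in the ping list, and it always reports when a whole ping type disappears. The popularity ranking is a constructed sample; only its first three entries follow what the thread states.

```python
"""Model of how --exclude-ports should interact with Nmap's port selection.

Added illustration for this thread, not code from the patch or from Nmap.
SAMPLE_TOP_PORTS is a constructed ranking (the thread only says 80, 23 and
443 are the real top three); DEFAULT_TCP_PING_PORTS are Nmap's defaults.
"""

DEFAULT_TCP_PING_PORTS = [80, 443]  # Nmap's default TCP ping ports (per the thread)

# Constructed sample ranking, most popular first; entries after the third
# are made up for illustration.
SAMPLE_TOP_PORTS = [80, 23, 443, 21, 22, 25, 3389, 110, 445, 139]


def parse_port_spec(spec):
    """Parse 'a-b,c' into a set of ints, rejecting out-of-range ports."""
    ports = set()
    for item in spec.split(","):
        lo, sep, hi = item.strip().partition("-")
        lo, hi = int(lo), (int(hi) if sep else int(lo))
        if not 0 <= lo <= hi <= 65535:
            raise ValueError("invalid port specification: %r" % item)
        ports.update(range(lo, hi + 1))
    return ports


def plan_scan(exclude_spec="", port_spec="1-1024", top_n=None):
    """Return (scan_ports, ping_ports, warnings) with exclusions applied to both.

    The point raised in the thread: removal must run over every port list as
    a final step (what removepts does), not only inside top-port selection
    (gettoppts), otherwise --top-ports leaves excluded ports in the ping list.
    """
    excluded = parse_port_spec(exclude_spec) if exclude_spec else set()
    if top_n is not None:
        # Mirrors top-port selection honouring exclusions for the scan list only.
        scan = [p for p in SAMPLE_TOP_PORTS if p not in excluded][:top_n]
    else:
        scan = sorted(parse_port_spec(port_spec))
    ping = list(DEFAULT_TCP_PING_PORTS)
    # Unconditional removal step over both lists, however they were built.
    scan = [p for p in scan if p not in excluded]
    ping = [p for p in ping if p not in excluded]
    warnings = []
    if not ping:
        # Always warn when an entire ping type is gone, so "host not detected"
        # reports can be explained.
        warnings.append("all default TCP ping ports excluded; skipping TCP ping scan")
    return scan, ping, warnings
```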