Re: [Patch] --exclude-ports option for Nmap

[Daniel Miller <bonsaiviking () gmail com>]

Jay,

Sorry to take so long getting back to you. This modified patch looks good,
please commit it.

Your next step should be to write the documentation in docs/refguide.xml
under the "man-port-specification" refsect1 element. Follow the -p and
--top-ports sections for XML structure and syntax, and be sure to cover:

* the syntax of the option's argument (can be as simple as saying it's the
same as -p)
* the order in which exclusions and inclusions are applied
* the fact that it also affects host discovery, and
* the fact that it works for IP Proto scanning, too.

Dan


On Thu, Jun 19, 2014 at 4:24 AM, Jay Bosamiya <jaybosamiya () gmail com> wrote:

> Dan,
>
> Your hypothesis is correct.
>
> Actually, I had added line 1558 in one of my earlier versions (before I
> added support for host discovery exclusions) to reduce unnecessary
> calling of the function removepts.
>
> Attached is modified patch with just that line removed (and minor change
> in the comment just before it).
>
> Going for the alternative that you mentioned (first and second top ports
> after exclusion) would not be difficult but I personally think this'd
> just make things confusing for the end-user.
> Instead, showing that warning in all cases seems like the right thing to
> do, now that I think about it.
>
> Thanks for the quick feedback. :)
>
> Cheers,
> Jay
>
> On Thursday 19 June 2014 12:40 AM, Daniel Miller wrote:
> > Jay,
> >
> > There is a problem with the patch in handling exclusions of host
> > discovery ports when --top-ports is given: excluded ports are still
> > used in this case. This is because the exclusion is being handled by
> > gettoppts (which does not affect ping ports) only, and not by
> > removepts (which handles all port/protocol types). I think this can be
> > fixed by removing the conditional on line 1558, and simply running
> > removepts regardless. I have not tested that hypothesis, though, so
> > you may come up with a better fix.
> >
> > In general, though, your feature is looking good. I do think that the
> > warning should be shown in all cases where an entire ping type is
> > excluded, because otherwise we will get bug reports that Nmap is not
> > detecting some host that they know is up (perhaps because it is
> > blocking ICMP, and we excluded the available TCP ping ports.)
> >
> > An alternative to simply dropping the default TCP ping ports would be
> > to choose them as the first-and-second-most popular ports after
> > exclusions. This would have the advantage of not eliminating a host
> > discovery type altogether, but it would mean a change to the way
> > things currently work without --exclude-ports, since the 2
> > most-popular ports are 80 and 23 (443 is 3rd place). I only bring this
> > up as a discussion point; please don't spend time implementing it,
> > since it's not likely to be a desired feature.
> >
> > Dan
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/