Re: DENY x REJECT

[Fyodor <fyodor () insecure org>]

On Wed, Oct 03, 2001 at 12:52:51PM -0300, Rosenau wrote:
> Nmap seems to report boths cases simply as "filtered". Actually, both cases
> are filtered, but when you receive a ICMP, you can be sure that the port is
> really filtered. If you do not receive nothing, the port could be filtered,
> or packets could have been lost...

For what it is worth, Nmap always retries ports that do not respond.
It only marks them "filtered" after multiple probes fail to elicit any
response.  If lost packets are detected (for example if Nmap receives
a response to the second probe but not the first one), then the number
of retries is increased dramatically.  Thus it is unlikely that an
open port will be mislabeled "filtered" because of a few dropped
packets.

That being said, I agree that knowing the source of ICMP error
messages is handy and I am hoping to add that to the XML output format
at some point.  If you want it really soon, you are welcome to make
the (relatively simple) changes yourself.  That is the beauty of open
source!  If you send me your patches, I will consider them for the
core Nmap tree so that everyone can benefit from them.

Cheers,
Fyodor
http://www.insecure.org/


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/