Nmap Announce mailing list archives
TCP questions
From: "Donald McLachlan" <don_mclachlan () hotmail com>
Date: Tue, 27 Jun 2000 15:24:27 EDT
Hello,

This is not really an nmap question, but I did use nmap to gather the basic research provided below, and I feel experienced nmap users may be able to answer the 2 questions below.

I'm doing some research with the aim of developing a new security tool. My desire (for now) is to elicit a TCP packet from end systems. Any old TCP packet from the end system is fine, and in fact if it returns the same packet whether the port is open or closed, that might be more palatable to some security-minded folks. Therefore I'm looking at using either an ACK or FIN+ACK or SYN+ACK, or SYN+FIN+ACK packet; all of which are supposed to elicit an RST packet.

My naive feeling is that, from the Internet, packets to open ports have the best chance of reaching end systems. So I did some testing on a network and I found the top 10 open ports (10 ignoring the small services) were:

512, 513, 13, 21, 23, 111, 19, 7, 9, 135, 514, 515, 139

Further research revealed that I could reach all the hosts on that net by looking at just these ports:

139, 111, 514, 515

Now my questions: (in your experience ...)

- From the Internet, packets with which TCP flag combinations are most likely to reach end systems?
- From the Internet, packets to/from which TCP ports are most likely to reach end systems?

Thanks,
Don

P.S. Yes, I suppose I could use nmap to find the answers to these questions myself, but that is not the sort of activity I want to be doing, and I'm sure someone has already done it and knows the answers.

P.P.S. (for later) Which udp ports are most reachable from the Internet?