Nmap Announce mailing list archives
Re: Corrections for "Using the Unused" and for "The DF Playground"
From: Kevin Steves <stevesk () sweden hp com>
Date: Wed, 13 Sep 2000 19:36:20 +0200 (CEST)
On Wed, 13 Sep 2000, Ofir Arkin wrote: : What this means is Solaris is the ONLY operating system to set : the DF bit on ICMP Query replies enabling us to identify it exclusively. HP-UX sets it as well when ip_pmtu_strategy=1. I suspect your test host has the default 2, which is deprecated for reasons stated in a security bulletin, and you didn't respond to its ping probe. $ ndd -h ip_pmtu_strategy : And Solaris and HPUX 11.0 are the ONLY operating systems to Echo : back the Reserved Bit. Not surprising that they do something the same, since they share a Mentat-derived heritage. I believe the ip_pmtu_strategy=2 is an HP-thing. You might play around with observing data in RST segments. : Since Solaris sets the DF bit as well we can distinguish between : Sun Solaris Machines and HPUX 11.0 machines. Not always, my systems have ip_pmtu_strategy=1. : For all of you who wrote back to say that we can turn off replies : for various ICMP Queries with Solaris - PLEASE DO SO! This is the reason : for all this :) ndd -h lists the tunables and help text on HP-UX 11.0. I have a list of what I recommend at the end of http://people.hp.se/stevesk/bastion11.html. -------------------------------------------------- For help using this (nmap-hackers) mailing list, send a blank email to nmap-hackers-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
Current thread:
- Corrections for "Using the Unused" and for "The DF Playground" Ofir Arkin (Sep 13)
- Re: Corrections for "Using the Unused" and for "The DF Playground" Kevin Steves (Sep 13)
- Re: Corrections for "Using the Unused" and for "The DF Playground" Ralf Hildebrandt (Sep 15)
- Re: Corrections for "Using the Unused" and for "The DF Playground" Kevin Steves (Sep 13)