Nmap Announce mailing list archives
firewalk meets nmap - TTL
From: Lance Spitzner <lance () spitzner net>
Date: Thu, 2 Nov 2000 23:00:53 -0600 (CST)
I'm not sure if anyone has thought of this, but this would be a REALLY cool feature for auditing firewall rulebases. Say you want to determine what ports a firewall allows through, what ports are NOT filtered. Have the option with nmap to set the TTL on the packets it sends. I set the TTL to be the same as the amount of hops to the firewall I am scanning. If the packet is filtered by the firewall, then it is dropped and nothing is sent back. However, if the packet is accepted by the firewall (and the port is not filtered), the firewall will attempt to forward it. However, the TTL will now be zero and the firewall will respond with ICMP TTL expired error message. You can now map what ports are passed through the firewall (i.e not filtered) without a packet ever passing through the firewall. firewalk meets nmap thoughts? -- Lance Spitzner http://www.enteract.com/~lspitz -------------------------------------------------- For help using this (nmap-hackers) mailing list, send a blank email to nmap-hackers-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
Current thread:
- firewalk meets nmap - TTL Lance Spitzner (Nov 03)
- RE: firewalk meets nmap - TTL Ofir Arkin (Nov 03)
- RE: firewalk meets nmap - TTL (tested) Lance Spitzner (Nov 04)
- RE: firewalk meets nmap - TTL (tested) Ofir Arkin (Nov 04)
- RE: firewalk meets nmap - TTL (tested) Lance Spitzner (Nov 04)
- Re: firewalk meets nmap - TTL Fyodor (Nov 05)
- Re: firewalk meets nmap - TTL Mikael Olsson (Nov 08)
- RE: firewalk meets nmap - TTL Ofir Arkin (Nov 03)