Nmap Announce mailing list archives
Re: [PATCH] improvements and a new(?) type of scan
From: Darren Reed <avalon () coombs anu edu au>
Date: Wed, 3 Apr 2002 12:13:26 +1000 (Australia/ACT)
In some mail from Phil, sie said: [...]
* A new(?) type of scan : Well, I've never seen any references to this technique nor have I heard anybody speaking about it, so I imagine I have the privilege to give it a name. I've chosen the TTL scan. (Please correct me if I'm wrong).
This has been talked about before, although I'm not sure where. To counter this, IPFilter can enforce a "minimum ttl" for all packets transiting it. This is not yet available on a per-rule basis, rather you have to decide something like "I expect all packets to have a ttl of at least 4 to reach any publicly accessible systems". I don't know whether it came up on bugtraq or elsewhere, but the idea dates back to at least December 2000.
We can get those types of results :

./nmap -sS mymachine -p 22,23,666,667 -t 9

Starting nmap V. 2.54BETA31 ( www.insecure.org/nmap/ )
Interesting ports on AMontsouris-103-1-1-86.abo.wanadoo.fr (193.252.8.86):
Port       State       Service
22/tcp     open        ssh
23/tcp     filtered    telnet
666/tcp    UNfiltered  unknown      DNAT to 192.168.8.10:22
667/tcp    UNfiltered  unknown      DNAT to 192.168.26.10:22
mmm, be nice if you could identify what sort of buggy firewall they are running that returns untranslated addresses in the ICMP error message :) God knows I've had enough trouble keeping that right!

Darren

--------------------------------------------------
For help using this (nmap-hackers) mailing list, send a blank email to nmap-hackers-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
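The two points in this exchange, the "minimum ttl" gate Darren describes and the "untranslated addresses in the ICMP error message" symptom he wants to fingerprint, are modelled below as an added example. It is editor-written illustration code, not IPFilter's, Nmap's or either poster's code. It assumes a minimum-TTL threshold of 4 (the figure quoted in the reply), a constructed scanner address 198.51.100.7 and a constructed internal router 192.168.8.1; the public address 193.252.8.86 and the DNAT target 192.168.8.10 are taken from the quoted scan output. The `leaks_untranslated_address` check is the defender-side test: it inspects an ICMP error leaving the NAT and reports whether the quoted original datagram still names a private (post-DNAT) destination, which is exactly what a correctly behaving NAT should have rewritten back to the public address.

```python
import ipaddress
import struct

# Policy value from the reply ("a ttl of at least 4"); assumption for this example.
MIN_TTL = 4

IPV4_FMT = "!BBHHHBBH4s4s"   # 20-byte IPv4 header, no options


def ipv4_header(src, dst, proto, ttl, payload_len=0):
    """Build a minimal IPv4 header. Checksum is left zero (constructed sample data)."""
    return struct.pack(IPV4_FMT, 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


def parse_ipv4_header(buf):
    """Decode the fields we care about from the first 20 bytes of an IPv4 datagram."""
    ver_ihl, _tos, _tlen, _id, _frag, ttl, proto, _csum, src, dst = struct.unpack(IPV4_FMT, buf[:20])
    return {
        "ihl": (ver_ihl & 0x0F) * 4,
        "ttl": ttl,
        "proto": proto,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
    }


def min_ttl_verdict(packet, min_ttl=MIN_TTL):
    """Emulate a firewall-wide 'minimum ttl' rule: a datagram that could expire
    (and so trigger an ICMP Time Exceeded) inside the protected network is blocked."""
    return "pass" if parse_ipv4_header(packet)["ttl"] >= min_ttl else "block"


def icmp_time_exceeded(router_ip, original_src, expired_datagram):
    """Build the ICMP type 11/code 0 error a router sends when a TTL hits zero.
    Per the ICMP spec it quotes the IP header plus 8 bytes of the expired datagram."""
    icmp = struct.pack("!BBHI", 11, 0, 0, 0) + expired_datagram[:28]
    return ipv4_header(router_ip, original_src, 1, 64, len(icmp)) + icmp


def leaks_untranslated_address(packet):
    """Return the private destination quoted inside an ICMP error, or None.
    This is the symptom in the thread: a NAT that forwards the error without
    rewriting the quoted header exposes the post-DNAT internal address."""
    outer = parse_ipv4_header(packet)
    if outer["proto"] != 1:                      # not ICMP
        return None
    icmp = packet[outer["ihl"]:]
    if icmp[0] not in (3, 11):                   # unreachable / time exceeded carry a quoted header
        return None
    inner = parse_ipv4_header(icmp[8:])
    if ipaddress.IPv4Address(inner["dst"]).is_private:
        return inner["dst"]
    return None


# Constructed scenario: 193.252.8.86:666 is DNATed to 192.168.8.10:22 (from the quoted scan).
SCANNER = "198.51.100.7"     # constructed
INTERNAL_ROUTER = "192.168.8.1"   # constructed
TCP_STUB = struct.pack("!HHI", 40000, 22, 0)    # 8 bytes of transport header the ICMP error quotes


def probe(ttl):
    """A SYN-style probe from the scanner to the public address with the given TTL."""
    return ipv4_header(SCANNER, "193.252.8.86", 6, ttl, len(TCP_STUB)) + TCP_STUB


def buggy_nat_error():
    """Error as forwarded by a NAT that leaves the quoted header untranslated."""
    translated = ipv4_header(SCANNER, "192.168.8.10", 6, 0, len(TCP_STUB)) + TCP_STUB
    return icmp_time_exceeded(INTERNAL_ROUTER, SCANNER, translated)


def correct_nat_error():
    """Same error after a correct NAT rewrote the quoted destination back to the public address."""
    restored = ipv4_header(SCANNER, "193.252.8.86", 6, 0, len(TCP_STUB)) + TCP_STUB
    return icmp_time_exceeded(INTERNAL_ROUTER, SCANNER, restored)


if __name__ == "__main__":
    print("ttl=1 probe:", min_ttl_verdict(probe(1)))      # block
    print("ttl=64 probe:", min_ttl_verdict(probe(64)))    # pass
    print("buggy NAT leaks:", leaks_untranslated_address(buggy_nat_error()))      # 192.168.8.10
    print("correct NAT leaks:", leaks_untranslated_address(correct_nat_error()))  # None
```

The minimum-TTL gate is coarse, as the reply notes: it is a single threshold for everything crossing the filter, so it must be set with the deepest legitimate path behind the firewall in mind. The leak check is the complementary control: run it against ICMP errors egressing the NAT (or against a packet capture) and any non-None result means the NAT is rewriting the forwarded packet but not the header it quotes inside the error.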
Current thread:
- [PATCH] improvements and a new(?) type of scan Phil (Apr 02)
- Re: [PATCH] improvements and a new(?) type of scan Darren Reed (Apr 02)
- Re: [PATCH] improvements and a new(?) type of scan L. Walker (May 22)