Nmap Development mailing list archives

Re: SYN/FIN scans in nmap?


From: Paul Herman <pherman () frenchfries net>
Date: Tue, 5 Dec 2000 00:18:58 +0100 (CET)

Hi Ryan,

On Mon, 4 Dec 2000, Ryan Permeh wrote:

this is all well and good, but it's not quite as simple as that.
what criteria would you use to define open ports?  you would need
a much more robust definition of a scan, including not only the
outgoing packets, but also pertinent returned packets to define
things like port state (open, closed, filtered), and how icmp
packets might look for a response, etc.  not a bad idea, but if
you need a quick tool to do something like this, you could cook
one in an hour or two using libnet/pcap.

Indeed.  In the meantime :), I did find something that does just
that, hping.

As to SYN/FIN:  I think that Most Systems (upon receiving a SYN/FIN)
reply with a SYN/ACK on an open port, and a RST/ACK on a closed one.
Filtered ports seem to either drop the packets or reply with an
icmp...

In any case, now that I've found the tool I was looking for, my
motivation for delving into the nmap code and coming up with patches
has unfortunately receded for the time being.  Now just consider me
part of the beloved "Idea Brigade"  ;-)

-Paul.
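
As an added illustration (example code, not from the thread, from nmap or from hping), the port-state mapping Paul describes, written as a small Python classifier, together with the check a passive sensor would use to flag a SYN/FIN segment as Ryan's "robust definition" requires. The packet builder only constructs sample 20-byte TCP headers inline; no traffic is sent.

```python
import struct
from typing import List, Optional

# TCP flag bits as laid out in byte 13 of the TCP header (RFC 793).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def tcp_flags(segment: bytes) -> int:
    """Return the flag byte of a raw TCP segment (IP header already stripped)."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    return segment[13]


def is_syn_fin_probe(segment: bytes) -> bool:
    """SYN and FIN never appear together in a legitimate handshake, so a
    sensor can flag such a segment as a probe rather than real traffic."""
    flags = tcp_flags(segment)
    return bool(flags & SYN) and bool(flags & FIN)


def flag_probes(capture: List[bytes]) -> List[int]:
    """Indices of SYN/FIN segments in a list of captured TCP segments."""
    return [i for i, seg in enumerate(capture) if is_syn_fin_probe(seg)]


def classify_response(response: Optional[bytes], icmp_unreachable: bool = False) -> str:
    """Map the reply to a SYN/FIN probe onto a port state, following the
    behaviour described in the mail: SYN/ACK -> open, RST/ACK -> closed,
    silence or an ICMP unreachable -> filtered.  Anything else is 'unknown'."""
    if icmp_unreachable or response is None:
        return "filtered"
    flags = tcp_flags(response)
    if flags & SYN and flags & ACK and not flags & RST:
        return "open"
    if flags & RST:
        return "closed"
    return "unknown"


def build_tcp(sport: int, dport: int, flags: int, seq: int = 0, ack: int = 0) -> bytes:
    """Constructed sample segment: 20-byte header, no options, zero checksum.
    Data offset (5 words) sits in the high nibble of bytes 12-13, flags in byte 13."""
    offset_and_flags = (5 << 12) | flags
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, offset_and_flags, 65535, 0, 0)


if __name__ == "__main__":
    # Constructed mini-capture: a normal SYN, a SYN/FIN probe, and two replies.
    capture = [build_tcp(40000, 80, SYN), build_tcp(40001, 22, SYN | FIN),
               build_tcp(80, 40000, SYN | ACK), build_tcp(22, 40001, RST | ACK)]
    print("SYN/FIN probes at indices:", flag_probes(capture))
    print("port 22 state:", classify_response(capture[3]))
```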


---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
