Nmap Development mailing list archives
IPv6 scan not correct ?
From: Ruediger Rissmann <RRI () zurich ibm com>
Date: Wed, 25 Jun 2003 17:05:02 +0200
Hi, I just run nmap against one of my IPv6 routers, and found that every port was reported to be open. I had a look into the router configureation and found that every port is blocked by an acl and that all the packets from my nmap scan were discarded. Instead the router send back an ICMPv6 destination unreachable type 1: "communication with destination administratively prohibited" back wich seems to be not understood correctly by nmap. I remove the access-list, and nmap reported the correct ports to be open, so the problem seems to be only that specific icmpv6 message. I debugged the problem in scan_engine.cc and found that static int get_connect_results ( ...... ... if (getsockopt(sd, SOL_SOCKET, SO_ERROR, (char *) &optval, &optlen) != 0) optval = errno; switch (optval) .... } where optval is set to 13 wich is EACCES in the case I descibed above. So this littel patch solved the problem : --- scan_engine.cc 2003-06-25 15:36:47.000000000 +0200 +++ scan_engine.bak 2003-06-25 14:48:15.000000000 +0200 @@ -341,16 +341,6 @@ posportupdate(target, current, NULL, trynum, scan, ss, CONNECT_SCAN, P ORT_OPEN, pil, csi); #endif break; -#ifdef HAVE_IPV6 - case EACCES: - /* At least for my routers that send back an - ICMPv6 - destination unreachable type 1: - "communication with destination administratively prohibited" - This seems to be right */ - posportupdate(target, current, NULL, trynum, scan, ss, CONNECT_SCAN, POR T_FIREWALLED, pil, csi); - break; -#endif case ECONNREFUSED: posportupdate(target, current, NULL, trynum, scan, ss, CONNECT_SCAN, P ORT_CLOSED, pil, csi); break; Is that the right place to fix it ? Thanks, Ruedi Here the results of the scan against my router before the fix: Starting nmap 3.28 ( www.insecure.org/nmap/ ) at 2003-06-25 10:47 CEST Strange read error from 2001:620:0:fffd::2: Permission denied Strange read error from 2001:620:0:fffd::2 (13): Operation now in progress Strange read error from 2001:620:0:fffd::2 (13): Operation now in progress Strange read error from 2001:620:0:fffd::2 (13): Operation now in progress ......... Interesting ports on 2001:620:0:fffd::2: Port State Service 1/tcp open tcpmux 2/tcp open compressnet 3/tcp open compressnet 4/tcp open unknown 5/tcp open rje 6/tcp open unknown 7/tcp open echo 8/tcp open unknown 9/tcp open discard 10/tcp open unknown 11/tcp open systat 12/tcp open unknown ...... And so on. But belive me, all this ports are CLOSED. ------------------------------------------------------------------------------- Ruediger Rissmann IBM Zurich Research Laboratory --------------------------------------------------------------------- For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
Current thread:
- IPv6 scan not correct ? Ruediger Rissmann (Jun 25)