Re: -sO for IPv6

[David Fifield <david () bamsoftware com>]

On Wed, Jun 15, 2011 at 07:08:18PM -0700, David Fifield wrote:
> On Wed, Jun 15, 2011 at 05:40:27PM -0500, Dario Ciccarone (dciccaro) wrote:
> > 2) Because of (1), 0, 43, 44 and 60 are erroneously reported as
> > "open|filtered", with reason "no-response". Actually, the thing is that
> > for the other ones being reported as "closed", the OS is indeed sending
> > back an ICMPv6(4,1) - but for those four I mention before, it's sending
> > back an ICMPv6(4,0) - which we aren't checking for as a return value.
>
> Oops, you're right. In fact we are testing for ICMPv6(4, 0) (and marking
> "open" in that case), but there is another bug that prevents that test
> from happening.
>
> > 3) On top - if a device between the nmap scanning host & the target is
> > filtering traffic for those protocols, the filtered protocols are being
> > reported as (again) "open|filtered", "no-response" - even when the
> > filtering device *does send back* an ICMPv6(1,1) - which again, looks
> > like we're not checking for.
>
> We are checking for ICMPv6(1, 1) (dest unreachable, admin prohibited),
> but it might not be taking effect due to the same bug I mentinoed above.

I think this bug is fixed in recent commits. I get "open" now in
response to protocol 44, ipv6-frag.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/