Add --defeat-icmp-ratelimit option for UDP scanning. [Issue #216] #353
This PR patches Issue 216.
As was discussed:
I figured out that Nmap initializes all ports as open|filtered. A port's state is changed only when
One might skim through this email I sent to firstname.lastname@example.org earlier:
I realize that discarding timed-out probes is a bad idea. Since UDP does not guarantee
If we want to scan faster, what we should not do is to adjust timing when Nmap changes
We do not want such behavior. On the other hand we still want Nmap to address
@sergeykhegay I've reviewed this and I think it is nearly ready to commit. My only remaining concern is that the default state for timed-out ports is "open|filtered", which means that service scan will try to probe them and NSE will run against them, but they are more likely closed than open.
The easiest fix to this seems to be changing
--- a/scan_engine.cc +++ b/scan_engine.cc @@ -851,7 +851,7 @@ static void set_default_port_state(std::vector<Target *> &targets, stype scantyp (*target)->ports.setDefaultPortState(IPPROTO_TCP, PORT_OPENFILTERED); break; case UDP_SCAN: - (*target)->ports.setDefaultPortState(IPPROTO_UDP, PORT_OPENFILTERED); + (*target)->ports.setDefaultPortState(IPPROTO_UDP, o.defeat_icmp_ratelimit ? PORT_CLOSEDFILTERED : PORT_OPENFILTERED); break; case IPPROT_SCAN: (*target)->ports.setDefaultPortState(IPPROTO_IP, PORT_OPENFILTERED);
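Review bot: switching the UDP default to PORT_CLOSEDFILTERED under o.defeat_icmp_ratelimit means every port whose probe merely times out is reported as closed|filtered with nothing in the output to flag the reduced accuracy; the end-of-scan warning proposed in this thread ("WARNING: Some ports marked closed|filtered may actually be open. For more accurate results, do not use --defeat-icmp-ratelimit") should land in the same change, emitted only when o.defeat_icmp_ratelimit is set, rather than be left for a follow-up. A one-line comment above the ternary stating why the default differs (to keep service scan and NSE from probing ports that are most likely closed) would also help the next reader, since the UDP case is now the only branch in set_default_port_state whose default depends on an option.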
I think that maybe adding a warning at the end of the scan would be helpful if we did this. Something like "WARNING: Some ports marked closed|filtered may actually be open. For more accurate results, do not use --defeat-icmp-ratelimit"
PORT_OPENFILTERED _if_ o.defeat_icmp_ratelimit is set. This will prevent service scan probing and NSE running against supposedly closed ports.
possible inaccuracy of the results at the end of the scan. Some ports marked closed|filtered may actually be open.