Add --defeat-icmp-ratelimit option for UDP scanning. [Issue #216] #353
@sergeykhegay I've reviewed this and I think it is nearly ready to commit. My only remaining concern is that the default state for timed-out ports is "open|filtered", which means that service scan will try to probe them and NSE will run against them, but they are more likely closed than open.
The easiest fix to this seems to be changing
--- a/scan_engine.cc +++ b/scan_engine.cc @@ -851,7 +851,7 @@ static void set_default_port_state(std::vector<Target *> &targets, stype scantyp (*target)->ports.setDefaultPortState(IPPROTO_TCP, PORT_OPENFILTERED); break; case UDP_SCAN: - (*target)->ports.setDefaultPortState(IPPROTO_UDP, PORT_OPENFILTERED); + (*target)->ports.setDefaultPortState(IPPROTO_UDP, o.defeat_icmp_ratelimit ? PORT_CLOSEDFILTERED : PORT_OPENFILTERED); break; case IPPROT_SCAN: (*target)->ports.setDefaultPortState(IPPROTO_IP, PORT_OPENFILTERED);
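Review bot: The changed line in the UDP_SCAN case flips the default state with no comment saying why, and the inline ternary makes that call noticeably longer than the neighbouring cases. Suggest computing the state in a local variable first, with a short comment that when o.defeat_icmp_ratelimit is set a timed-out port is more likely closed than open and so defaults to PORT_CLOSEDFILTERED, then passing that variable to setDefaultPortState. This hunk also adds no end-of-scan warning, so telling users that closed|filtered ports may actually be open needs a separate change, and the option's documentation should mention the changed default state.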
I think that maybe adding a warning at the end of the scan would be helpful if we did this. Something like "WARNING: Some ports marked closed|filtered may actually be open. For more accurate results, do not use --defeat-icmp-ratelimit"
PORT_OPENFILTERED _if_ o.defeat_icmp_ratelimit is set. This will prevent service scan probing and NSE running against supposedly closed ports.
possible inaccuracy of the results at the end of the scan. Some ports marked closed|filtered may actually be open.