Operating System Idiosyncrasies
ICMP port unreachable messages, which are produced in response toscanning, vary from operating system to operating system. Certain
operating systems implement thresholds to prevent themselves from
sending out too many ICMP port unreachable messages in a period of
time. Examples of this threshold have been found in versions of Linux
and Solaris.
The results from this type of scanning are reliable when scanning a local
network segment where the route the traffic will take can be readily
determined and where the traffic will not be filtered, lost or dropped.
This cannot be guaranteed on a large public network where one has
little or no control of the devices that the traffic will be routed through.
UDP ICMP port unreachable scanning can be reliable if we can
guarantee that,
• The ICMP port unreachable messages are NOT lost or dropped in
transit.
• The target host will actually return an ICMP port unreachable
packet for every port that is inactive.
No comments:
Post a Comment