On Tue, Oct 26, 2004 at 12:52:08PM +0200, Thomas Springer wrote:
> hi,
>
> nessus does a traceroute, it says its an udp-trace.
> isn't this really an icmp-trace?
All kind of traceroute (tcp or udp) is an icmp traceroute in the end -
the very basis of traceroute is to receive an ICMP unreach message from
the gateways on the way. So if a firewall on the way decides to block all
kind of outbound ICMP packets, your traceroute won't be complete no matter
what kind of probe you sent in the first place.
As it has been pointed out, Nessus uses a TCP traceroute by default,
which is the more likely to work as we send packets to a TCP port that
is _known_ to be open. But that's not always sufficient.
If you're mapping a relatively small network (no more than 8 hops), you
probably want to use record_route.nasl (plugin#12264). It uses the IP
"record route" option, and is therefore _way_ more effective. The
downside is that (believe it or not) some incompetent vendors out there
are selling routers/switches which _crash_ when they pass along an
IP packet with the RR option set, which is why I had to change the type
of this plugin to ACT_DESTRUCTIVE_ATTACK. So use it at your own risks.
-- Renaud
_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
