Hi,

On Tue, Jan 24, 2006 at 11:49:28PM +0100, Michel Arboi wrote:
> On Tue Jan 24 2006 at 11:07, Nelson, C.M. wrote:
> > XP SP2 systems by default have the firewall enabled and, as a result of
> > having the "File and Printer Sharing" configuration checkbox unchecked,
> > do not respond to ping (the MS way of doing things!)
> 
> If UPnP is still allowed, then TCP:2869 will answer with RST.
> Should I add this port in the "extended" list of ping_host.nasl?

That sounds like a sensible thing to do.

> > If I do not use ping, and use Nmap to portscan it completes very quickly
> > where an address does not correspond to a live host.
> 
> As Javier already said, Nmap uses "ARP ping" on the same network. But
> as soon as there is a gateway between the scanner and the target,
> you're dead.

A well-behaved router will return "host unreachable" on a ping to a
dead host (since there won't be an ARP reply), while a host filtering
ICMP echo request packets would result in no answer at all (router
ARPs, gets an answer (hence, no "host unreachable" to the scanner),
sends out the ping, no answer). Would it be possible for Nessus to
take advantage of that behavior?

However, if the gateway to the network with the filtering host is not
well-behaved, we're lost again. And most routers rate limit "host
unreachable" packets, so this method is flawed as well.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
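
The distinction drawn in the message above (router-generated "host unreachable" versus plain silence), as an added example that is not part of the original post or of Nessus. The function names, addresses (documentation ranges) and sample packets are constructed for illustration; ICMP checksums are left at zero and not verified.

```python
import socket
import struct

ECHO_REPLY, DEST_UNREACH, HOST_UNREACH = 0, 3, 1  # ICMP type 0, type 3, code 1

def classify(target, replies):
    """Classify one ICMP echo probe sent to `target`.

    replies: (source_ip, icmp_message_bytes) pairs seen before the timeout.
    """
    for src, msg in replies:
        if len(msg) < 8:
            continue  # shorter than an ICMP header
        icmp_type, code = msg[0], msg[1]
        if icmp_type == ECHO_REPLY and src == target:
            return "alive"
        if icmp_type == DEST_UNREACH and code == HOST_UNREACH:
            # The error quotes the original IP header after its own 8-byte
            # header; the destination address is bytes 16..19 of that header.
            inner = msg[8:]
            if len(inner) >= 20 and socket.inet_ntoa(inner[16:20]) == target:
                return "dead"  # the router's ARP for the target went unanswered
    # Silence is ambiguous: a live host dropping echo requests, a router that
    # never sends unreachables, or one that rate limited this particular error.
    return "inconclusive"

def echo_reply():
    """Constructed ICMP echo reply (id 0x1234, seq 1)."""
    return struct.pack("!BBHHH", ECHO_REPLY, 0, 0, 0x1234, 1)

def host_unreachable(orig_src, orig_dst):
    """Constructed ICMP host-unreachable quoting an echo request to orig_dst."""
    inner_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0,
                           socket.inet_aton(orig_src), socket.inet_aton(orig_dst))
    inner_icmp = struct.pack("!BBHHH", 8, 0, 0, 0x1234, 1)
    return struct.pack("!BBHI", DEST_UNREACH, HOST_UNREACH, 0, 0) + inner_ip + inner_icmp

if __name__ == "__main__":
    scanner, router = "203.0.113.5", "198.51.100.1"
    print(classify("192.0.2.10", [("192.0.2.10", echo_reply())]))
    print(classify("192.0.2.11", [(router, host_unreachable(scanner, "192.0.2.11"))]))
    print(classify("192.0.2.12", []))
```

Because of the rate limiting mentioned above, "inconclusive" has to fall through to other probes (such as the TCP ports in ping_host.nasl) rather than being treated as "alive" or "dead".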
