From 341465967680712dffab549ea55fd0d16765aab3 Mon Sep 17 00:00:00 2001 From: david Date: Tue, 30 Dec 2008 23:45:28 +0000 Subject: [PATCH] Give TCP probes that result in a filtered state a lower rank. When a TCP gets a positive response that results in being marked filtered, the reply was an ICMP error. Such probes are now ranked a 2 along with UDP, IP proto, and other probes that get ICMP replies that are likely to be rate limited. Previously they got the highest rank, 6, because they were TCP probes other than SYN to an open port. SYN to an open port retains its rank of 3. --- scan_engine.cc | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/scan_engine.cc b/scan_engine.cc index 29361e963..994716f62 100644 --- a/scan_engine.cc +++ b/scan_engine.cc @@ -2328,11 +2328,11 @@ void HostScanStats::getTiming(struct ultra_timing_vals *tmng) { /* Define a score for a ping probe, for the purposes of deciding whether one probe should be preferred to another. The order, from most preferred to least preferred, is - Raw TCP (not SYN to an open port) + Raw TCP (not filtered, not SYN to an open port) ICMP information queries (echo request, timestamp request, netmask req) ARP Raw TCP (SYN to an open port) - UDP, IP protocol, or other ICMP + UDP, IP protocol, or other ICMP (including filtered TCP) TCP connect Anything else Raw TCP SYN to an open port is given a low preference because of the risk of @@ -2344,7 +2344,9 @@ static unsigned int pingprobe_score(const probespec *pspec, int state) { switch (pspec->type) { case PS_TCP: - if (pspec->pd.tcp.flags == TH_SYN && (state == PORT_OPEN || state == PORT_UNKNOWN)) + if (state == PORT_FILTERED) /* Received an ICMP error. */ + score = 2; + else if (pspec->pd.tcp.flags == TH_SYN && (state == PORT_OPEN || state == PORT_UNKNOWN)) score = 3; else score = 6;