Hi there, when I try to scan a network I notice that most of the ports are filtered or closed. When I scan and analyze the traffic I notice that ICMP echo reply with Type No 3 and No 9. What are some of the ways to scan through a filtered network?
I don’t have a good answer for this - because it does vary on the specifics of a lot of situations. ICMP Type 3 is “Destination Unreachable” - which can mean a lot of things and is hard to tell apart from the system simply not being there. Type 9 - router advertisement - might be more useful as it hints at some way you could try to spoof or bounce solicitation messages. This is likely to become pretty complex, pretty quickly. So if the responses to nmap are filtered/closed (it's worth validating this with `--reason` on nmap to get the specifics) there are a few things that might cause it, so a few things you’d need to try and bypass. For example, it could be a firewall, it could be a packet filtering router, it could be application rules, etc. Places I’d look for ideas: Firewall/IDS Evasion and Spoofing | Nmap Network Scanning
Additional Info: In simplest terms, a closed port will respond (in most cases with a RST/ACK, or ICMP unreachable) and a filtered report does not.
@alvin said:
> Additional Info: In simplest terms, a closed port will respond (in most cases with a RST/ACK, or ICMP unreachable) and a filtered report does not.

Yes, unless the device filtering the traffic is configured to send ICMP unreachables, or the device really is unreachable, etc.
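As an added example (not code from any poster in this thread), the sketch below applies the port-state rules from the Nmap reference guide for SYN and UDP scans to the kinds of replies discussed above, showing why the same ICMP type 3 message can mean "closed" or "filtered". The response dictionaries and the `classify` function are assumptions made for illustration, and the sample replies are constructed.

```python
# Added example: Nmap's documented response-to-state rules (SYN and UDP scans).
PORT_UNREACH = 3                     # ICMP type 3, code 3
FILTER_CODES = {1, 2, 9, 10, 13}     # other type 3 codes Nmap reads as filtering

def classify(scan, resp):
    """scan is 'syn' or 'udp'; resp is None (no reply after retransmissions)
    or a dict describing the reply (hypothetical format for this example)."""
    if resp is None:
        # Silence is ambiguous for UDP: open services often stay quiet.
        return "filtered" if scan == "syn" else "open|filtered"
    proto = resp["proto"]
    if proto == "icmp":
        if resp["type"] != 3:
            # e.g. type 9 (router advertisement) is not a reply to a probe
            return "unrelated"
        code = resp["code"]
        if scan == "udp" and code == PORT_UNREACH:
            return "closed"          # the target host itself answered
        if code == PORT_UNREACH or code in FILTER_CODES:
            return "filtered"        # typically sent by a filtering device
        return "unrelated"
    if scan == "syn" and proto == "tcp":
        if "R" in resp["flags"]:
            return "closed"          # RST or RST/ACK
        if "S" in resp["flags"]:
            return "open"            # SYN/ACK (or bare SYN)
    if scan == "udp" and proto == "udp":
        return "open"
    return "unrelated"

# Constructed sample replies, not captured traffic.
SAMPLES = [
    ("syn", {"proto": "tcp", "flags": "SA"}),
    ("syn", {"proto": "tcp", "flags": "RA"}),
    ("syn", None),
    ("syn", {"proto": "icmp", "type": 3, "code": 13}),
    ("syn", {"proto": "icmp", "type": 3, "code": 3}),
    ("udp", {"proto": "icmp", "type": 3, "code": 3}),
    ("udp", {"proto": "icmp", "type": 3, "code": 10}),
    ("udp", None),
    ("syn", {"proto": "icmp", "type": 9, "code": 0}),
]

def classify_samples():
    return [classify(scan, resp) for scan, resp in SAMPLES]

if __name__ == "__main__":
    for (scan, resp), state in zip(SAMPLES, classify_samples()):
        print(f"{scan:3} {str(resp):45} -> {state}")
```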