Security Basics mailing list archives
Re: Re[2]: how nmap can know my firewalled servers ?
From: "Arturas Zalenekas" <security () zalenekas net>
Date: Fri, 14 Apr 2006 12:22:16 -0500 (CDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear Thierry,
Dear Arturas Zalenekas, AZ> How does TCP protocol work !? How should it replay, e.g. to a closed port AZ> !? With ICMP packet !? Lots of Packetfilters answer with ICMP Administravtively Prohibited, sometimes also leaking their internal IP address by the way.. It is a common way to respond every IP stack I know about will understand that message.
Of course is that a common way. Everything is a common way :) Microsofts IP stack was/is also build on a "common way" :) Every application CAN work on a different way with the IP stack. Look at SAP software :) Thierry, I've seen so many crappy IP stacks in the wild ... that is terrable. But on the other hand, it is simple to identify the OS. But if you will see into the RFC 793 (if its not for TCP please correct me) and RFC 768 (should be UDP), you will understand, what I mean.
AZ> No, it has to answer with an RST. Answering with ICMP is fine, possible and in the wild.
Of course is it fine. But if you answer with an ICMP packet for a TCP packet, you can aprox. imagine, what kind of a device or IP stack it is :) Thierry, what I would like to say, a lot of developers don't care about RFCs and I personally hate that. Why do we have RFCs !? Just for fun !? But that is not the thema. The thema is "how nmap can know my firewalled servers ?" and it nice to see people wondering, what nmap can :) Thanks again to the team of nmap. I'd like to give a tip ... just try to sniff and look "deeper" into packets, how nmap works. It was at least a help for me. - -- Kind regards, Arturas Zalenekas Network Security Engineer and Analyst
-- http://secdev.zoller.lu Thierry Zoller Fingerprint : 5D84 BFDC CD36 A951 2C45 2E57 28B3 75DD 0AC6 F1C7
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFEP9pIh/vuw42ctAARAmNOAJ9CyIvaWbcVQaDBCSGobGAm89rQuACfQyYQ Y+2+wgEWJ+UYeiYMjOG886A= =eGC1 -----END PGP SIGNATURE----- ------------------------------------------------------------------------- This List Sponsored by: Webroot Don't leave your confidential company and customer records un-protected. Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no obligation. See why so many companies trust Spy Sweeper Enterprise to eradicate spyware from their networks. FREE 30-Day Trial of Spy Sweeper Enterprise http://www.webroot.com/forms/enterprise_lead.php --------------------------------------------------------------------------
Current thread:
- Re: how nmap can know my firewalled servers ?, (continued)
- Re: how nmap can know my firewalled servers ? Nathaniel Hall (Apr 12)
- Re: how nmap can know my firewalled servers ? Alice Bryson (Apr 13)
- Re: how nmap can know my firewalled servers ? Arturas Zalenekas (Apr 13)
- Re: how nmap can know my firewalled servers ? Gregory Boyce (Apr 17)
- Re: how nmap can know my firewalled servers ? Arturas Zalenekas (Apr 17)
- Re: how nmap can know my firewalled servers ? Alice Bryson (Apr 13)
- Re: how nmap can know my firewalled servers ? Gregory Boyce (Apr 13)
- Re: how nmap can know my firewalled servers ? Nathaniel Hall (Apr 12)
- Re: how nmap can know my firewalled servers ? Alexey Eremenko (Apr 13)
- Re: how nmap can know my firewalled servers ? manu (Apr 13)
- Re: how nmap can know my firewalled servers ? Arturas Zalenekas (Apr 13)
- Re[2]: how nmap can know my firewalled servers ? Thierry Zoller (Apr 17)
- Re: Re[2]: how nmap can know my firewalled servers ? Arturas Zalenekas (Apr 17)
- Message not available
- Fwd: Re[2]: how nmap can know my firewalled servers ? John Bond (Apr 19)
- Re: Fwd: Re[2]: how nmap can know my firewalled servers ? Ansgar -59cobalt- Wiechers (Apr 21)
- Re: how nmap can know my firewalled servers ? Alexey Eremenko (Apr 13)
- MSN File Upload Monitoring fullsecure (Apr 17)