Nmap Development mailing list archives
Re: 10.1.1.1 up?
From: "Steven Alexander" <steve () cell2000 net>
Date: Fri, 30 May 2003 17:01:44 -0700
----- Original Message ----- From: <jaye_gettes () hushmail com> To: "Chad Loder" <cloder () loder us>; <nmap-dev () insecure org> Sent: Friday, May 30, 2003 8:11 AM Subject: Re: 10.1.1.1 up?
I thought -P0 was "do not ping first" in case programs like portsentry block you if you ping a host first? Also, is it not the case that a host that is not pingable (because a fw blocks ping) could allow a tcp or udp port in? thanks
ping uses an ICMP packet. ICMP, TCP and UDP are different protocols that each use the IP protocol. A firewall can selectively block any or all of these. It can also block some of each type but not others. For instance, a firewall could allow outgoing ICMP echo requests and incoming ICMP echo replies but deny all other ICMP traffic in or out of the network. This would allow users on the internal network to ping outside hosts but would not allow outside hosts to ping a machine on the network; it would also disallow other ICMP traffic such as timestamps and redirects. -steven --------------------------------------------------------------------- For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
Current thread:
- 10.1.1.1 up? jaye_gettes (May 28)
- <Possible follow-ups>
- Re: 10.1.1.1 up? jaye_gettes (May 30)
- Re: 10.1.1.1 up? Steven Alexander (May 30)