Penetration Testing mailing list archives
RE: Nmap/netwag problem.
From: Irene Abezgauz <irene.abezgauz () gmail com>
Date: Thu, 11 Aug 2005 00:01:02 +0200
I am not sure about what you said, since two scanners produce different results, one of them indicating the ports are open. If there was a firewall on the way it wouldn't have resulted in that. As far as I know, if a scanner comes to a conclusion a port is OPEN, it means it managed to get a good reply, unlike filtered which tends to be a major false positive (port-scan detection system, a personal firewall that prevented the packet from coming back (nasty little things these personal firewalls, I tell you). In any case, I think the key to the solution of this problem is the identification of the cause of the difference, a manual connection attempt to see how the ports respond, and then, once you got to the meaning of the problem and can word it (e.g. "nmap on windows is marking open ports as filtered") - then you can solve it properly. Irene Abezgauz Application Security Consultant Hacktics Ltd. Mobile: +972-54-6545405 Web: www.hacktics.com -----Original Message----- From: eliudgarcia () gmail com [mailto:eliudgarcia () gmail com] Sent: Wednesday, August 10, 2005 8:52 PM To: pen-test () securityfocus com Subject: Re: Nmap/netwag problem.
What can be the problem..??
There is probably a firewall in the middle. 'Filtered' does not equal 'closed', it just means there is something in the middle.
From Nmap man page: ..."Filtered means that a firewall, filter, or other
network obstacle is covering the port and preventing nmap from determining whether the port is open."... ------------------------------------------------------------------------ ------ FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't Learn the hacker's secrets that compromise wireless LANs. Secure your WLAN by understanding these threats, available hacking tools and proven countermeasures. Defend your WLAN against man-in-the-Middle attacks and session hijacking, denial-of-service, rogue access points, identity thefts and MAC spoofing. Request your complimentary white paper at: http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801 ------------------------------------------------------------------------ ------- -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.338 / Virus Database: 267.10.5/67 - Release Date: 8/9/2005 -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.338 / Virus Database: 267.10.5/67 - Release Date: 8/9/2005 ------------------------------------------------------------------------------ FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't Learn the hacker's secrets that compromise wireless LANs. Secure your WLAN by understanding these threats, available hacking tools and proven countermeasures. Defend your WLAN against man-in-the-Middle attacks and session hijacking, denial-of-service, rogue access points, identity thefts and MAC spoofing. Request your complimentary white paper at: http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801 -------------------------------------------------------------------------------
Current thread:
- Re: Nmap/netwag problem., (continued)
- Re: Nmap/netwag problem. Rogan Dawes (Aug 11)
- Re: Nmap/netwag problem. Pete Herzog (Aug 11)
- Re: Nmap/netwag problem. Irene Abezgauz (Aug 11)
- Re: Nmap/netwag problem. Daniel Miessler (Aug 12)
- Re: Nmap/netwag problem. Pete Herzog (Aug 12)
- RE: Nmap/netwag problem. Omar Herrera (Aug 11)
- RE: Nmap/netwag problem. Irene Abezgauz (Aug 11)
- Re: Nmap/netwag problem. Kaj Huisman (Aug 12)
- Re: Nmap/netwag problem. Fyodor (Aug 12)
- Re: Nmap/netwag problem. ilaiy (Aug 12)
- Re: Nmap/netwag problem. Kaj Huisman (Aug 15)