Re: nmap scan results

[Steven DeFord <security.willworker () gmail com>]

On Fri, 18 Mar 2005 14:37:37 -0600, Ju Ne <ddjjembe1 () hotmail com> wrote:
> I've been reviewing nmap scan results on my network.  If a port comes back
> as filtered does that mean that it is open, closed, firewalled, or just
> unknown?

Firewalled, generally, AFAIK.

Open:
  SYN->SYN|ACK->ACK

Closed:
  SYN->RST|ACK->RST

Firewalled:
  SYN-> (timeout)

This is also why portscanning firewalled hosts takes a long time
(since all the packets have to time out).

-- 
Steven DeFord
steve () singingtree com
(925) 596-0426