RE: how nmap can know my firewalled servers ?

["Burton Strauss" <Burton () FelisCatus org>]

nmap uses the standard connection mechanisms (tcp or udp) for the default
testing.  Thus, say for port 80, it tries to create a connection.

Depending on how your firewall handles this nmap can figure out that there
is SOMETHING there - if you send back and RST packet to tear down the
connection... If you really want to stealth the ports, set your firewall (or
iptables) to DROP unwanted packets - this doesn't convey any information.

-----Burton

-----Original Message-----
From: Alexey Eremenko [mailto:al4321 () gmail com] 
Sent: Wednesday, April 12, 2006 1:24 PM
To: security-basics () securityfocus com
Subject: how nmap can know my firewalled servers ?

Hi all !

I know that "nmap" can show open ports. But nmap also shows my firewalled
ports !
How?

Since some servers (like apache) are firewalled with iptables, how can nmap
know wherever my system run the service with open port, filtered port or
doesn't run it at all ?


-------------------------------------------------------------------------
This List Sponsored by: Webroot

Don't leave your confidential company and customer records un-protected. 
Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no 
obligation. See why so many companies trust Spy Sweeper Enterprise to 
eradicate spyware from their networks.
FREE 30-Day Trial of Spy Sweeper Enterprise

http://www.webroot.com/forms/enterprise_lead.php
--------------------------------------------------------------------------