Security Basics mailing list archives
Re: Fwd: Re[2]: how nmap can know my firewalled servers ?
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Fri, 21 Apr 2006 20:57:08 +0200
On 2006-04-19 John Bond wrote:
On 4/14/06, Thierry Zoller <Thierry () zoller lu> wrote:Lots of Packetfilters answer with ICMP Administravtively Prohibited, sometimes also leaking their internal IP address by the way.. It is a common way to respond every IP stack I know about will understand that message.this is a little of topic but i read a something recently where it was pointed out that one has to answer with Administravtively Prohibited to indicate that the user is breaking the rules. this gives precedence to press charges if scanning continues.
"Administratively prohibited" is a mere notification that the administrator has RIGHT NOW restricted access to THIS port. It doesn't tell anything about any other ports or any other time. Using e.g. an exploit to get around that restriction would be breaking the rules, trying to access another port or the same port on another day wouldn't. Regards Ansgar Wiechers -- "All vulnerabilities deserve a public fear period prior to patches becoming available." --Jason Coombs on Bugtraq ------------------------------------------------------------------------- This List Sponsored by: Webroot Don't leave your confidential company and customer records un-protected. Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no obligation. See why so many companies trust Spy Sweeper Enterprise to eradicate spyware from their networks. FREE 30-Day Trial of Spy Sweeper Enterprise http://www.webroot.com/forms/enterprise_lead.php --------------------------------------------------------------------------
Current thread:
- Re: how nmap can know my firewalled servers ?, (continued)
- Re: how nmap can know my firewalled servers ? Arturas Zalenekas (Apr 13)
- Re: how nmap can know my firewalled servers ? Gregory Boyce (Apr 17)
- Re: how nmap can know my firewalled servers ? Arturas Zalenekas (Apr 17)
- Re: how nmap can know my firewalled servers ? Gregory Boyce (Apr 13)
- Re: how nmap can know my firewalled servers ? Alexey Eremenko (Apr 13)
- Re: how nmap can know my firewalled servers ? manu (Apr 13)
- Re: how nmap can know my firewalled servers ? Arturas Zalenekas (Apr 13)
- Re[2]: how nmap can know my firewalled servers ? Thierry Zoller (Apr 17)
- Re: Re[2]: how nmap can know my firewalled servers ? Arturas Zalenekas (Apr 17)
- Message not available
- Fwd: Re[2]: how nmap can know my firewalled servers ? John Bond (Apr 19)
- Re: Fwd: Re[2]: how nmap can know my firewalled servers ? Ansgar -59cobalt- Wiechers (Apr 21)
- Re: how nmap can know my firewalled servers ? Alexey Eremenko (Apr 13)
- MSN File Upload Monitoring fullsecure (Apr 17)