Firewall Wizards mailing list archives

Re: nmap on the internal interface of a PIX


From: antirez <antirez () linuxcare com>
Date: Thu, 14 Sep 2000 17:25:09 +0200

On Wed, Sep 13, 2000 at 05:02:45PM -0700, Chris Cappuccio wrote:
> nmap has other quirks like this, too, you can't totally take everything it
> says literally, you have to understand what it's actually doing to make these
> determinations.... New packet shaping/filtering stuff plays new tricks and
> nmap would have to compensate for everything to be totally accurate!!!

Or you can use hping2, downloadable at http://www.kyuzz.org/antirez/hping
It's simple to write some shell script that reports a lot of information.
Especially with stateful firewalls I found hping useful.
To say "this port is filtered" just because you can't get some packet
back is too easy. If you don't want to send a SYN you should try with
a SYN/ACK. Some stateful firewalls that ignore all other
TCP packets (SYN excluded) send back a RST when a SYN/ACK reaches a
stateful firewalled port.

antirez

-- 
Salvatore Sanfilippo, Open Source Developer, Linuxcare Italia spa             
+39.049.80 43 411 tel, +39.049.80 43 412 fax                    
antirez () linuxcare com, http://www.linuxcare.com/                              
Linuxcare. Support for the revolution.                                        
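
An added example, not part of the original post and not hping's own code: a shell sketch for a firewall audit that combines the replies to a SYN probe and a SYN/ACK probe before labelling a port, instead of reading SYN silence alone as "filtered". It assumes each reply line carries a `flags=` field as in hping's output; the host 192.0.2.10, the captured lines and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed captures for one audited host (192.0.2.10, TEST-NET-1).
# An empty string means the probe got no reply at all.
SYN_80='len=46 ip=192.0.2.10 ttl=64 DF id=0 sport=80 flags=SA seq=0 win=5840 rtt=0.4 ms'
SYNACK_80=''
SYN_25=''
SYNACK_25='len=46 ip=192.0.2.10 ttl=64 DF id=0 sport=25 flags=R seq=0 win=0 rtt=0.5 ms'
SYN_23=''
SYNACK_23=''

# reply_flags: read one probe's captured output on stdin and print the TCP
# flags of the first reply line (SA, RA, R, ...), or "none" if nothing came back.
reply_flags() {
    sed -n 's/.*flags=\([A-Z]*\).*/\1/p' | head -n 1 | grep . || echo none
}

# classify SYN_FLAGS SYNACK_FLAGS: verdict from both observations.
#   open                      SYN answered with SYN/ACK
#   closed                    SYN answered with a RST
#   syn-dropped-synack-reset  SYN silently dropped, yet the SYN/ACK drew a RST:
#                             something on the path answers, so plain
#                             "filtered" would hide that difference
#   silent                    neither probe answered (drop-all rule or host down)
classify() {
    case "$1:$2" in
        SA:*)      echo open ;;
        R*:*)      echo closed ;;
        none:R*)   echo syn-dropped-synack-reset ;;
        none:none) echo silent ;;
        *)         echo unknown ;;
    esac
}

# verdict SYN_CAPTURE SYNACK_CAPTURE: parse both captures, then classify.
verdict() {
    classify "$(printf '%s\n' "$1" | reply_flags)" \
             "$(printf '%s\n' "$2" | reply_flags)"
}

printf 'port 80: %s\n' "$(verdict "$SYN_80" "$SYNACK_80")"
printf 'port 25: %s\n' "$(verdict "$SYN_25" "$SYNACK_25")"
printf 'port 23: %s\n' "$(verdict "$SYN_23" "$SYNACK_23")"
```

A RST to an out-of-state SYN/ACK can come from the firewall itself or from the end host behind a filter that only blocks SYNs, so the middle verdict narrows the rule set without identifying which device replied.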
