Firewall Wizards mailing list archives
Re: nmap on the internal interface of a PIX
From: Chris Cappuccio <chris () empnet com>
Date: Wed, 13 Sep 2000 17:02:45 -0700 (PDT)
That's why NMAP says filtered... To nmap, when it receives a connection-reset reply, (meaning nothing is listening on a particular TCP port), it ignores it, but when it gets NO reply (e.g. your packeteer filter), then it assumes the port is filtered.... nmap has other quirks like this, too, you can't totally take everything it says literally, you have to understand what it's actually doing to make these determinations.... New packet shaping/filtering stuff plays new tricks and nmap would have to compensate for everything to be totally accurate!!!

On Tue, 12 Sep 2000, Daniel Monjar wrote:

| The latest PIX threads got me poking at mine. When I run nmap
| against the internal interface I see:
|
| [dmonjar@monjard ~]$ nmap 10.155.1.49
|
| Starting nmap V. 2.53 by fyodor () insecure org ( www.insecure.org/nmap/ )
| Interesting ports on pix.orgtek.com (10.155.1.49):
| (The 1515 ports scanned but not shown below are in state: closed)
| Port       State       Service
| 23/tcp     open        telnet
| 194/tcp    filtered    irc
| 1467/tcp   open        csdmbase
| 5631/tcp   filtered    pcanywheredata
| 5632/tcp   filtered    pcanywherestat
| 6000/tcp   filtered    X11
| 6667/tcp   filtered    irc
| 65301/tcp  filtered    pcanywhere
|
| I get nervous when I see anything with 'pcanywhere' in the string.
| Any idea why they're there? There are no conduits for those ports
| configured and I have a filtering device (PacketShaper from Packeteer)
| sitting on the internal interface between the PIX and the network that
| explicitly discards pcanywhere stuff.
|
| --
| Daniel Monjar (mailto:dmonjar () orgtek com)
| "Meddle not in the affairs of dragons,
| for you are crunchy and taste good with ketchup."
|
| _______________________________________________
| Firewall-wizards mailing list
| Firewall-wizards () nfr net
| http://www.nfr.net/mailman/listinfo/firewall-wizards
|

--
"Should we now be comfortable with a 'trust us, we're the government' approach? I don't think anybody on this committee shares that view."
-John Conyers, House Judiciary Committee on the FBI Carnivore system
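
The reply-versus-silence distinction described in the message above, as an added example (not part of the original thread and not nmap's own code). The reply values and the one-retry model are constructed assumptions; the port labels are copied from the quoted scan output.

```python
from collections import Counter

# Port -> name labels copied from the scan output above. A label comes from
# the port number alone; it is not evidence of what runs on that port.
LABELS = {23: "telnet", 194: "irc", 1467: "csdmbase", 5631: "pcanywheredata",
          5632: "pcanywherestat", 6000: "X11", 6667: "irc", 65301: "pcanywhere"}

def classify(replies):
    """Turn the replies to one port's probe and its retries into a state.

    replies: "syn-ack", "rst" or None (nothing came back), in probe order.
    """
    for reply in replies:
        if reply == "syn-ack":
            return "open", "connection accepted"
        if reply == "rst":
            return "closed", "reset received, nothing listening"
    # Silence is all the scanner has: the probe or its answer was dropped.
    return "filtered", "no reply to %d probe(s)" % len(replies)

def report(observations):
    """Classify each port and hide the most common state, as the
    'scanned but not shown below' line in the output above does."""
    results = {port: classify(r) for port, r in observations.items()}
    counts = Counter(state for state, _ in results.values())
    hidden = counts.most_common(1)[0][0]
    shown = [(port, state, LABELS.get(port, "unknown"), why)
             for port, (state, why) in sorted(results.items())
             if state != hidden]
    return hidden, counts[hidden], shown

# Constructed observations, not captured traffic (assumption: one retry).
SILENT = [None, None]
OBSERVATIONS = {23: ["syn-ack"], 1467: ["syn-ack"],
                194: SILENT, 5631: SILENT, 5632: SILENT,
                6000: SILENT, 6667: SILENT, 65301: SILENT,
                21: ["rst"], 22: ["rst"], 25: ["rst"], 80: ["rst"],
                110: ["rst"], 443: ["rst"],
                113: [None, "rst"]}  # first probe lost, retry answered

if __name__ == "__main__":
    hidden, count, shown = report(OBSERVATIONS)
    print("(%d ports not shown are in state: %s)" % (count, hidden))
    for port, state, label, why in shown:
        print("%5d/tcp  %-8s  %-15s  %s" % (port, state, label, why))
```

A "filtered" row with a pcanywhere label therefore records only that probes to that port number went unanswered, which is what a device silently discarding that traffic produces.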