Firewall Wizards mailing list archives

RE: result question

From: Mike Hoskins <mike () adept org>
Date: Thu, 28 Aug 2003 17:35:55 -0700 (PDT)

Subject: RE: [fw-wiz] result question
Date: Thu, 28 Aug 2003 15:09:26 -0400
From: "Whiteside, Larry [contractor]" <BAE14 () SPHQ SSP NAVY MIL>
To: "rmck" <rmckeever () earthlink net>,
        <firewall-wizards () honor icsalabs com>

assuming that the port is open because there is no response. Doing UDP =
scans with NMAP, it wants to see a TCP reset or something to tell NMAP =
that it is closed. I am not sure what response it is looking for doing a
FIN scan, but it is probably something similar.

UDP wants ICMP type 3.  FIN wants RST.  that's all in nmap(1).  UDP scans
are more useless than normal if you're blocking all ICMP somewhere along
the line.  but don't do that, you'll break PMTUD.

-mrh

--
From: "Spam Catcher" <spam-catcher () adept org>
To: spam-catcher () adept org
Do NOT send email to the address listed above or
you will be added to a blacklist!
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

result question rmck (Aug 28)
- Re: result question franco segna (Aug 28)
- <Possible follow-ups>
- RE: result question Whiteside, Larry [contractor] (Aug 28)
- RE: result question Mike Hoskins (Aug 28)