Firewall Wizards mailing list archives
RE: result question
From: Mike Hoskins <mike () adept org>
Date: Thu, 28 Aug 2003 17:35:55 -0700 (PDT)
Subject: RE: [fw-wiz] result question Date: Thu, 28 Aug 2003 15:09:26 -0400 From: "Whiteside, Larry [contractor]" <BAE14 () SPHQ SSP NAVY MIL> To: "rmck" <rmckeever () earthlink net>, <firewall-wizards () honor icsalabs com>
assuming that the port is open because there is no response. Doing UDP = scans with NMAP, it wants to see a TCP reset or something to tell NMAP = that it is closed. I am not sure what response it is looking for doing a FIN scan, but it is probably something similar.
UDP wants ICMP type 3. FIN wants RST. that's all in nmap(1). UDP scans are more useless than normal if you're blocking all ICMP somewhere along the line. but don't do that, you'll break PMTUD. -mrh -- From: "Spam Catcher" <spam-catcher () adept org> To: spam-catcher () adept org Do NOT send email to the address listed above or you will be added to a blacklist! _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- result question rmck (Aug 28)
- Re: result question franco segna (Aug 28)
- <Possible follow-ups>
- RE: result question Whiteside, Larry [contractor] (Aug 28)
- RE: result question Mike Hoskins (Aug 28)