tcpwrapped?

["Anssi Porttikivi" <porttikivi () gmail com>]

While scanning a certain network I see port 22 listed as SSH, but if I
do service detection (-sV) it is detected as "tcpwrapped".

Looking with Ethereal it looks to me that the port will do the TCP
handshake for me but will then close it down, replying  "FIN" to my
next packet. Perhaps based on my IP address?

So this is like there would be "tcpd" blocking me which there probably
is not, but some SSH or PAM based method to cut down all unfit traffic
with no error messaging? Does the term "tcpwrapped" refer to this
"tcpd" like behaviour? What is the exact triggering, when does nmap
say "tcpwrapped"?

I looked at the source that sets "tcpwrapped": getServiceDeductions()
in portlist.cc. But I could not understand its meaning.

-- 
mailto:app () iki fi skype:gatestone http://gatestone.jaiku.com
tel:+358407505155 home:Espoo,Finland

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org