Penetration Testing mailing list archives

Fw: DENY x REJECT

From: "Mehmet Murat Gunsay" <mgunsay () btkom com>
Date: Fri, 5 Oct 2001 16:39:46 +0300


For what it is worth, Nmap always retries ports that do not respond.
It only marks them "filtered" after multiple probes fail to elicit any
response.  If lost packets are detected (for example if Nmap receives
a response to the second probe but not the first one), then the number
of retries is increased dramatically.  Thus it is unlikely that an
open port will be mislabeled "filtered" because of a few dropped
packets.


To expand on this subject further, I'm running the following nmap command line

nmap -P0 -sS -p 80 xxx.xxx.xxx.xxx

and I know that the port is open.  However I'm getting the following result:

80/tcp     filtered    http
Nmap run completed -- 1 IP address (1 host up) scanned in 36 seconds

How should I analyze this result??? Any feedback appreciated.

Mehmet Murat Gunsay
BTKOM A.S.
http://www.btkom.com
mgunsay () btkom com     murat () gunsay com
PGP Key ID: 0xDDE611E1







----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

DENY x REJECT Rosenau (Oct 04)
- Re: DENY x REJECT R. DuFresne (Oct 04)
- Re: DENY x REJECT Fyodor (Oct 04)
- RE: DENY x REJECT Ofir Arkin (Oct 09)
  - Re: DENY x REJECT niceshorts (Oct 09)
    - RE: DENY x REJECT Ofir Arkin (Oct 10)
    - Re: DENY x REJECT niceshorts (Oct 10)
- <Possible follow-ups>
- RE: DENY x REJECT Frank Knobbe (Oct 04)
- Fw: DENY x REJECT Mehmet Murat Gunsay (Oct 05)