Penetration Testing mailing list archives
Fw: DENY x REJECT
From: "Mehmet Murat Gunsay" <mgunsay () btkom com>
Date: Fri, 5 Oct 2001 16:39:46 +0300
For what it is worth, Nmap always retries ports that do not respond. It only marks them "filtered" after multiple probes fail to elicit any response. If lost packets are detected (for example if Nmap receives a response to the second probe but not the first one), then the number of retries is increased dramatically. Thus it is unlikely that an open port will be mislabeled "filtered" because of a few dropped packets.
To expand on this subject further, I'm running the following nmap command line nmap -P0 -sS -p 80 xxx.xxx.xxx.xxx and I know that the port is open. However I'm getting the following result: 80/tcp filtered http Nmap run completed -- 1 IP address (1 host up) scanned in 36 seconds How should I analyze this result??? Any feedback appreciated. Mehmet Murat Gunsay BTKOM A.S. http://www.btkom.com mgunsay () btkom com murat () gunsay com PGP Key ID: 0xDDE611E1 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- DENY x REJECT Rosenau (Oct 04)
- Re: DENY x REJECT R. DuFresne (Oct 04)
- Re: DENY x REJECT Fyodor (Oct 04)
- RE: DENY x REJECT Ofir Arkin (Oct 09)
- Re: DENY x REJECT niceshorts (Oct 09)
- RE: DENY x REJECT Ofir Arkin (Oct 10)
- Re: DENY x REJECT niceshorts (Oct 10)
- Re: DENY x REJECT niceshorts (Oct 09)
- <Possible follow-ups>
- RE: DENY x REJECT Frank Knobbe (Oct 04)
- Fw: DENY x REJECT Mehmet Murat Gunsay (Oct 05)