Re: firewalk and nmap

["fatb" <fatb () security zz ha cn>]

I thought the two results are the same means.
if a "closed" port run some daemon to listen any incoming request,it means "open".
at this time,the hacker will make use of the "closed" port to bind a shell.

----- Original Message ----- 
From: "Christian Perst" <chris_perst () gmx de>
To: <pen-test () securityfocus com>
Sent: Wednesday, August 17, 2005 2:53 PM
Subject: firewalk and nmap


> Hi list,
>
> three years ago I could read that firewalk is for better use
> for testing ACLs on firewalls compared to nmap.
>
> Today I can test with nmap if a port on a machine is open (Syn -
> Syn-ack), closed or unfiltered (Syn - Rst-ack) and filterd (Syn
> - nothing).
> If firewalk does the scan on the firewall in front of the server
> I get open, closed and filtered. Isn't the closed port from nmap 
> the same as an open port on the firewall?
>
>
> e.g.
>
> -->-------------FW--------------Server
> open            22                80
> ports:          80
>
> nmap will show:
> 22 closed
> 80 open
> .. filtered
>
> firewalk:
> 22 A! open (port not listen)
> 80 A! open (port listen)
> .. *no response*
>
> If a port with nmap is closed, it surely is not filterd by the FW,
> since I get a RST back.
> So is there a difference anymore? Are there any settings where
> firewalk can take advantage of?
>
> Thanks,
> Chris
>
> ------------------------------------------------------------------------------
> FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't
>
> Learn the hacker's secrets that compromise wireless LANs. Secure your
> WLAN by understanding these threats, available hacking tools and proven
> countermeasures. Defend your WLAN against man-in-the-Middle attacks and
> session hijacking, denial-of-service, rogue access points, identity
> thefts and MAC spoofing. Request your complimentary white paper at:
>
> http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
> -------------------------------------------------------------------------------