Real reason:

> > Matthew Keller wrote:
> >
> > > It's not a problem if you listen to the reason why it happens. It is
> > > very uncommon in the TCP world for a packet to just "disappear" with no
> > > reply at all. When you "portscan" a machine, if it has port 72 closed it
> > > will return an icmp packet telling you that the port is unreachable.
> > > nmap is "smart" enough to assume that the lack of any response means
> > > that the port is being blocked altogether.
> > > Ipfilter was very dumb, comparatively to Iptables. Ipfilter's "drop"
> > > was essentially the equivalent to a "reject" in Iptables as it didn't
> > > stop the IP stack from returning the icmp port unreachable message. Do a
> > > packet capture while portscanning and you'll see the difference.
> > >
> > > On Thu, 2002-02-28 at 07:53, Justin Piszcz wrote:
> > > > He still didn't answer my question.
> > > > DROP = IPtables shows filtered ports.
> > > > DROP = Ipfilter shows nothing.
> > > >
> > > > I've discussed this with about 10 people in #linux/EFNET.
> > > > They believe it is an IPTables problem.
> > > >
> > > > Matthew Keller wrote:
> > > >
> > > > > As you insisted on posting your original note to Bugtraq, it would be
> > > > > decent of you to print a retraction.
> > > > >
> > > > > On Thu, 2002-02-28 at 07:44, Negrea Mihai wrote:
> > > > > > On Thursday 28 February 2002 02:34 pm, you wrote:
> > > > > > > Yes I understand that.
> > > > > > > I am using DROP.
> > > > > > > Why does it show filtered?
> > > > > > > As a drop policy on ipchains/ipfwadm, from what I've been told, is it drops
> > > > > > > the packet, does not reply back, and therefore should NOT show a filtered
> > > > > > > port.
> > > > > >
> > > > > > nmap guesses that the packet has been filtered if it does not receive any
> > > > > > answer from the scanned host & port
> > > > > > That's why nmap shows filtered...
> > > > > > and about the xmas and null scans just do a search on google with "xmas null
> > > > > > iptables"
> > > > >
> > > > > --
> > > > > Matthew Keller
> > > > > Enterprise System Analyst
> > > > > Computing & Technology Services
> > > > > Information Services Division
> > > > > State University of NY at Potsdam
> > > > > Potsdam, NY USA
> > > > >
> > > > > http://mattwork.potsdam.edu/
> > >
> > > --
> > > Matthew Keller
> > > Enterprise System Analyst
> > > Computing & Technology Services
> > > Information Services Division
> > > State University of NY at Potsdam
> > > Potsdam, NY USA
> > >
> > > http://mattwork.potsdam.edu/
>
> --
> Matthew Keller
> Enterprise System Analyst
> Computing & Technology Services
> Information Services Division
> State University of NY at Potsdam
> Potsdam, NY USA
>
> http://mattwork.potsdam.edu/
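
Added example, not part of the original thread: a small classifier that maps what comes back from a single TCP SYN probe to a port state, following the port-state rules in nmap's documentation for SYN scans, so an administrator can see how a DROP or REJECT rule will be reported. The names `Observation`, `classify` and `FIREWALL_BEHAVIOUR` are hypothetical, and every observation in the table is constructed rather than captured.

```python
# Added example: classify one TCP SYN probe result into a port state.
# Rules follow nmap's documented SYN-scan behaviour; sample data is constructed.
from dataclasses import dataclass
from typing import Optional

# ICMP type 3 (destination unreachable) codes that nmap reports as "filtered"
ICMP_FILTERED_CODES = {0, 1, 2, 3, 9, 10, 13}


@dataclass
class Observation:
    """What came back for one SYN probe (all None = silence after retries)."""
    tcp_flags: Optional[str] = None   # e.g. "SA" for SYN/ACK, "RA" for RST/ACK
    icmp_type: Optional[int] = None
    icmp_code: Optional[int] = None


def classify(obs: Observation) -> str:
    if obs.tcp_flags is not None:
        flags = set(obs.tcp_flags)
        if {"S", "A"} <= flags:
            return "open"        # handshake continued: something is listening
        if "R" in flags:
            return "closed"      # the host's TCP stack (or a tcp-reset rule) answered
    if obs.icmp_type == 3 and obs.icmp_code in ICMP_FILTERED_CODES:
        return "filtered"        # an explicit ICMP rejection
    if obs.tcp_flags is None and obs.icmp_type is None:
        return "filtered"        # no reply at all: the DROP case from the thread
    return "unknown"


# Constructed observations, one per firewall behaviour (assumed, not captured)
FIREWALL_BEHAVIOUR = {
    "iptables -j DROP": Observation(),
    "iptables -j REJECT (icmp-port-unreachable)": Observation(icmp_type=3, icmp_code=3),
    "iptables -j REJECT --reject-with tcp-reset": Observation(tcp_flags="RA"),
    "no firewall, nothing listening": Observation(tcp_flags="RA"),
    "no firewall, service listening": Observation(tcp_flags="SA"),
}


def report() -> dict:
    """Port state a SYN scan would show for each constructed behaviour."""
    return {name: classify(obs) for name, obs in FIREWALL_BEHAVIOUR.items()}


if __name__ == "__main__":
    for name, state in report().items():
        print(f"{state:9} {name}")
```

A packet capture taken on the firewall while it is scanned, as suggested in the thread, shows which of these replies a given rule actually produces.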
This archive was generated by hypermail 2b30 : Mon Mar 04 2002 - 14:43:34 PST