Matt... Thanks... I haven't used nmap yet but according to your tcpdump output... it appears that RST's should accompany ACK's... but I'm running BSDi 3.0 with TIS Gauntlet patches.... I'm seeing some traffic without the ACK bit set. A company that is performing intrusion tests on my network is saying that the fact that the packet was sent back with an RST & ACK means that a service was available but it had some kind of filter on it. I disagreed, because I know that nothing was running except one port. But I performed a TCPdump while he scanned with a modified nmap and I saw the RST's going back with and without the ACK bit set. It wasn't really consistent either. Peace -Hassan Karim In a message dated 98-05-08 10:37:45 EDT, you write: << If this helps, here's the logs from tcpdump for a normal (full connect) tcp scan, syn, and fin scan. Fyodor's nmap was used for all the scans. All scans were conducted from 192.168.0.2 against 192.168.0.3 (both running Linux 2.0.33) >>
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:58:49 PDT