-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > -----Original Message----- > From: Rosenau [mailto:rosenauat_private] > Sent: Wednesday, October 03, 2001 10:53 AM > > Does anybody know a port scanner that could distinguish a > "deny" filtered > tcp port (firewall drops packets for the port) from a > "reject" filtered tcp > port (firewall returns an ICMP - port unreachable)?. > > Nmap seems to report boths cases simply as "filtered". > Actually, both cases > are filtered, but when you receive a ICMP, you can be sure > that the port is > really filtered. If you do not receive nothing, the port > could be filtered, > or packets could have been lost... I always run a tcpdump session along with scans to watch for interesting stuff like that. Also, variations in the responding TTL will give clues where system are located during sweep scans. tcpdump is your friend ;) Regards, Frank -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.5.8 Comment: PGP or S/MIME (X.509) encrypted email preferred. iQA/AwUBO7y8A5ytSsEygtEFEQLDDwCbBnkDCBuCrEqdiZJi/opU/k9cXCkAnR6x Xr5ggplVEYmkMXyATefh1k56 =ciHI -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Thu Oct 04 2001 - 15:00:04 PDT