> > For what it is worth, Nmap always retries ports that do not respond. > It only marks them "filtered" after multiple probes fail to elicit any > response. If lost packets are detected (for example if Nmap receives > a response to the second probe but not the first one), then the number > of retries is increased dramatically. Thus it is unlikely that an > open port will be mislabeled "filtered" because of a few dropped > packets. > To expand on this subject further, I'm running the following nmap command line nmap -P0 -sS -p 80 xxx.xxx.xxx.xxx and I know that the port is open. However I'm getting the following result: 80/tcp filtered http Nmap run completed -- 1 IP address (1 host up) scanned in 36 seconds How should I analyze this result??? Any feedback appreciated. Mehmet Murat Gunsay BTKOM A.S. http://www.btkom.com mgunsayat_private muratat_private PGP Key ID: 0xDDE611E1 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Fri Oct 05 2001 - 18:45:20 PDT