mailing list archives
how to know scan is correct?
From: Reinoud Koornstra <Reinoud.Koornstra () ibbnet org>
Date: Wed, 9 Feb 2000 23:25:44 +0100 (MET)
And..... are there any suggestions for this:
Assume i have a machine running ipf which deals with the traffic from
Behind that machine is an entire netwerk using ipnat.
Now some one uses nmap on me to see what is open and what isnt.
Now, ipf notices a packet... (fyn scan) does nothing with it but redirects
it to another machine on the network on which the port is closed.
Then nmap will think the port on the firewalled machine is closed while
nmap really got the results from another machine without knowing it.
A friend of mine deals this way with this kind of scans and fooling nmap