Mark Boltz wrote:
> What you're seeing is possibly a firewall device of some kind, or maybe
> an IPS that is configured with SYN flood protection. I know that the
> Symantec firewalls have done this in the past, and it messes up other
> stateful firewalls in between that are expecting the SYN-ACK instead. If
> you could find out the device that's doing it, it would be a useful
> piece of information.
>
But why doesn't it happen with hping2 or netcat? That's why I was
suggesting using some options to change the packets in some way when
sending with Nmap. Is it because Nmap sends more packets than those
other programs? Maybe you can explain that one to me :)
Thanks,
Kris Katterjohn
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Received on Feb 05 2007
Intro
