|
Nmap Development
mailing list archives
Re: Nmap does not notice ACK packets
From: "Hans Nilsson" <hasse_gg () ftml net>
Date: Tue, 06 Feb 2007 02:12:39 -1100
Maybe the device only triggers when certain criteria are met? Like
number of packets per second, amount of packets, time between packets,
how many ports are involved etc.
On Mon, 05 Feb 2007 13:52:36 -0600, "Kris Katterjohn"
<katterjohn () gmail com> said:
Mark Boltz wrote:
What you're seeing is possibly a firewall device of some kind, or maybe
an IPS that is configured with SYN flood protection. I know that the
Symantec firewalls have done this in the past, and it messes up other
stateful firewalls in between that are expecting the SYN-ACK instead. If
you could find out the device that's doing it, it would be a useful
piece of information.
But why doesn't it happen with hping2 or netcat? That's why I was
suggesting using some options to change the packets in some way when
sending with Nmap. Is it because Nmap sends more packets than those
other programs? Maybe you can explain that one to me :)
Thanks,
Kris Katterjohn
--
Hans Nilsson
hasse_gg () ftml net
--
http://www.fastmail.fm - And now for something completely differentÂ…
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
 By Date 
By Thread
Current thread:
- Re: Nmap does not notice ACK packets, (continued)
|
Intro
