<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Nmap Development: tcpwrapped?

tcpwrapped?

From: Anssi Porttikivi <porttikivi_at_gmail.com>
Date: Thu, 13 Dec 2007 15:39:33 +0200

While scanning a certain network I see port 22 listed as SSH, but if I
do service detection (-sV) it is detected as "tcpwrapped".

Looking with Ethereal it looks to me that the port will do the TCP
handshake for me but will then close it down, replying "FIN" to my
next packet. Perhaps based on my IP address?

So this is like there would be "tcpd" blocking me which there probably
is not, but some SSH or PAM based method to cut down all unfit traffic
with no error messaging? Does the term "tcpwrapped" refer to this
"tcpd" like behaviour? What is the exact triggering, when does nmap
say "tcpwrapped"?

I looked at the source that sets "tcpwrapped": getServiceDeductions()
in portlist.cc. But I could not understand its meaning.

-- 
mailto:app@iki.fi skype:gatestone http://gatestone.jaiku.com
tel:+358407505155 home:Espoo,Finland
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Received on Dec 13 2007

This message: [ Message body ]
Next message: Rob Nicholls: "Re: tcpwrapped?"
Previous message: Kris Katterjohn: "Re: Nmap 4.50 Released!"
Next in thread: Rob Nicholls: "Re: tcpwrapped?"
Reply: Rob Nicholls: "Re: tcpwrapped?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]