Home page logo
/

nmap-dev logo Nmap Development mailing list archives

tcpwrapped?
From: "Anssi Porttikivi" <porttikivi () gmail com>
Date: Thu, 13 Dec 2007 15:39:33 +0200

While scanning a certain network I see port 22 listed as SSH, but if I
do service detection (-sV) it is detected as "tcpwrapped".

Looking with Ethereal it looks to me that the port will do the TCP
handshake for me but will then close it down, replying  "FIN" to my
next packet. Perhaps based on my IP address?

So this is like there would be "tcpd" blocking me which there probably
is not, but some SSH or PAM based method to cut down all unfit traffic
with no error messaging? Does the term "tcpwrapped" refer to this
"tcpd" like behaviour? What is the exact triggering, when does nmap
say "tcpwrapped"?

I looked at the source that sets "tcpwrapped": getServiceDeductions()
in portlist.cc. But I could not understand its meaning.

-- 
mailto:app () iki fi skype:gatestone http://gatestone.jaiku.com
tel:+358407505155 home:Espoo,Finland

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
  • tcpwrapped? Anssi Porttikivi (Dec 13)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]