mailing list archives
From: "Anssi Porttikivi" <porttikivi () gmail com>
Date: Thu, 13 Dec 2007 15:39:33 +0200
While scanning a certain network I see port 22 listed as SSH, but if I
do service detection (-sV) it is detected as "tcpwrapped".
Looking with Ethereal it looks to me that the port will do the TCP
handshake for me but will then close it down, replying "FIN" to my
next packet. Perhaps based on my IP address?
So this is like there would be "tcpd" blocking me which there probably
is not, but some SSH or PAM based method to cut down all unfit traffic
with no error messaging? Does the term "tcpwrapped" refer to this
"tcpd" like behaviour? What is the exact triggering, when does nmap
I looked at the source that sets "tcpwrapped": getServiceDeductions()
in portlist.cc. But I could not understand its meaning.
mailto:app () iki fi skype:gatestone http://gatestone.jaiku.com
Sent through the nmap-dev mailing list
Archived at http://SecLists.Org
- tcpwrapped? Anssi Porttikivi (Dec 13)