|
Nmap Development
mailing list archives
Re: Ncrack on exotic Windows-land
From: Rob Nicholls <robert () robnicholls co uk>
Date: Fri, 26 Jun 2009 11:32:25 +0100
I have no idea why Windows sends the RST, it shouldn't. The only
explanation I can come up with is that Windows doesn't support one-way
TCP connections. When I saw this I muttered some anti-Windows,
anti-Microsoft slurs and threw my hands up in disgust.
I've only tried this using ftp on the command line and quitting the FTP
server, but I only see this behaviour (the unusual RST immediately being
sent) if the Windows Firewall is enabled. If I disable it I can see the
final handshaking done properly. I'm not sure if the Windows Firewall is
behind the RST sent to the OSX clients or if this is a separate - but
similar - issue. Can either of you reproduce your issues if the Windows
Firewall is disabled?
I would imagine (for the ncrack issue) that the Windows Firewall knows that
the process has exited (and released it's connection) so it sends a reset
because even if it got a response back there wouldn't be an application
that's listening so it would just get filtered, causing the FTP server to
send more traffic trying to gracefully close the connection.
I can see why it's potentially bad for a firewall - other firewalls may do
the same? - to do this (it should only issue resets in response to a
connection request for a nonexistent connection, and shouldn't be
proactive), but I can understand what they're trying to do. I suspect we'll
have to live/deal with it, especially as the Windows Firewall is on by
default.
Rob
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
 By Date 
By Thread
Current thread:
|
Intro
