Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: Nmap/netwag problem.
From: Irene Abezgauz <irene.abezgauz () gmail com>
Date: Thu, 11 Aug 2005 00:01:02 +0200

I am not sure about what you said, since two scanners produce different
results, one of them indicating the ports are open. If there was a
firewall on the way it wouldn't have resulted in that.

As far as I know, if a scanner comes to a conclusion a port is OPEN, it
means it managed to get a good reply, unlike filtered which tends to be
a major false positive (port-scan detection system, a personal firewall
that prevented the packet from coming back (nasty little things these
personal firewalls, I tell you).

In any case, I think the key to the solution of this problem is the
identification of the cause of the difference, a manual connection
attempt to see how the ports respond, and then, once you got to the
meaning of the problem and can word it (e.g. "nmap on windows is marking
open ports as filtered") - then you can solve it properly.


Irene Abezgauz
Application Security Consultant
Hacktics Ltd.
Mobile: +972-54-6545405
Web: www.hacktics.com
 

-----Original Message-----
From: eliudgarcia () gmail com [mailto:eliudgarcia () gmail com] 
Sent: Wednesday, August 10, 2005 8:52 PM
To: pen-test () securityfocus com
Subject: Re: Nmap/netwag problem.

What can be the problem..??

There is probably a firewall in the middle. 'Filtered' does not equal
'closed', it just means there is something in the middle.

From Nmap man page: ..."Filtered means that a firewall, filter, or other
network obstacle is covering the port and preventing  nmap from
determining whether the port is open."...

------------------------------------------------------------------------
------
FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You
Don't

Learn the hacker's secrets that compromise wireless LANs. Secure your
WLAN by understanding these threats, available hacking tools and proven
countermeasures. Defend your WLAN against man-in-the-Middle attacks and
session hijacking, denial-of-service, rogue access points, identity
thefts and MAC spoofing. Request your complimentary white paper at:

http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
------------------------------------------------------------------------
-------

-- 
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.0.338 / Virus Database: 267.10.5/67 - Release Date: 8/9/2005
 

-- 
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.338 / Virus Database: 267.10.5/67 - Release Date: 8/9/2005
 


------------------------------------------------------------------------------
FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't

Learn the hacker's secrets that compromise wireless LANs. Secure your
WLAN by understanding these threats, available hacking tools and proven
countermeasures. Defend your WLAN against man-in-the-Middle attacks and
session hijacking, denial-of-service, rogue access points, identity
thefts and MAC spoofing. Request your complimentary white paper at:

http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
-------------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]