Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

pen-test logo Penetration Testing mailing list archives

RE: Strange replies on closed port
From: "Lars Troen" <Lars.Troen () sit no>
Date: Wed, 1 Feb 2006 10:37:57 +0100
a and b seems to be clear:
a: firewalled host
b: non-firewalled host


These observations seem to be correct. 


c and d are a bit strange: Who is responding with the 
icmp-messages: the target-host or a packetfilter? Especially 
the hping-message in d confuses me a bit.
What should be the default behaviour for an ip-stack if it 
gets a SYN on a closed Port?


The default behaviour is to send an icmp packet with port unreachable.
Host d) is filtered by an access list on the router in front of the
server.

Lars

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]