Penetration Testing mailing list archives

RE: DENY x REJECT

From: Frank Knobbe <FKnobbe () KnobbeITS com>
Date: Thu, 4 Oct 2001 14:44:03 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

-----Original Message-----
From: Rosenau [mailto:rosenau () netsec com br]
Sent: Wednesday, October 03, 2001 10:53 AM

Does anybody know a port scanner that could distinguish a 
"deny" filtered
tcp port (firewall drops packets for the port) from a 
"reject" filtered tcp
port (firewall returns an ICMP - port unreachable)?.

Nmap seems to report boths cases simply as "filtered". 
Actually, both cases
are filtered, but when you receive a ICMP, you can be sure 
that the port is
really filtered. If you do not receive nothing, the port 
could be filtered,
or packets could have been lost...



I always run a tcpdump session along with scans to watch for
interesting stuff like that. Also, variations in the responding TTL
will give clues where system are located during sweep scans.

tcpdump is your friend ;)

Regards,
Frank


-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.8
Comment: PGP or S/MIME (X.509) encrypted email preferred.

iQA/AwUBO7y8A5ytSsEygtEFEQLDDwCbBnkDCBuCrEqdiZJi/opU/k9cXCkAnR6x
Xr5ggplVEYmkMXyATefh1k56
=ciHI
-----END PGP SIGNATURE-----

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

DENY x REJECT Rosenau (Oct 04)
- Re: DENY x REJECT R. DuFresne (Oct 04)
- Re: DENY x REJECT Fyodor (Oct 04)
- RE: DENY x REJECT Ofir Arkin (Oct 09)
  - Re: DENY x REJECT niceshorts (Oct 09)
    - RE: DENY x REJECT Ofir Arkin (Oct 10)
    - Re: DENY x REJECT niceshorts (Oct 10)
- <Possible follow-ups>
- RE: DENY x REJECT Frank Knobbe (Oct 04)
- Fw: DENY x REJECT Mehmet Murat Gunsay (Oct 05)