Port Scanning
Matthew J. Brodeur
mbrodeur at NextTime.com
Mon Dec 10 20:55:12 EST 2001
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Mon, 10 Dec 2001, Regrettable Error wrote:
> I'm curious about port-scanning, and have a question. Suppose someone is
> trying to find a hole in my firewall, and scans a port that I'm not
> running. Won't their scan come up "negative" for that port?
This depends on your firewall config. If it's a port that's passed
through, but goes to a system that's not listening on that port, a TCP
reset should be issued (if it's a TCP scan, of course). This will cause
scanners I've used (nmap, for one) to consider the port closed.
If the firewall is blocking the port so that the packet disappears, the
scan will usually report as such. Some packet filters can be configured
so that all packet drops will produce a forged reset, causing the scanner
to report that the port was reachable but closed. IP Filter (BSD mostly)
can do this.
I've been at work far too long today to remember all of the other
possibilities. Maybe someone else can fill them in.
- --
-Matt
A bird in the hand is safer than one overhead.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE8FWeMc8/WFSz+GKMRAlC7AKCL4mDFs7U7l0nmWu1BNinytbYbHgCgn/yz
wocoo3oZbPYOGO3DYqepDZE=
=pnJ/
-----END PGP SIGNATURE-----
More information about the Discuss
mailing list