Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Port Scanning



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 10 Dec 2001, Regrettable Error wrote:

> I'm curious about port-scanning, and have a question. Suppose someone is 
> trying to find a hole in my firewall, and scans a port that I'm not 
> running. Won't their scan come up "negative" for that port?

   This depends on your firewall config.  If it's a port that's passed
through, but goes to a system that's not listening on that port, a TCP
reset should be issued (if it's a TCP scan, of course).  This will cause
scanners I've used (nmap, for one) to consider the port closed.
   If the firewall is blocking the port so that the packet disappears, the
scan will usually report as such.  Some packet filters can be configured
so that all packet drops will produce a forged reset, causing the scanner
to report that the port was reachable but closed.  IP Filter (BSD mostly)
can do this.

   I've been at work far too long today to remember all of the other 
possibilities.  Maybe someone else can fill them in.


- -- 
     -Matt

A bird in the hand is safer than one overhead.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8FWeMc8/WFSz+GKMRAlC7AKCL4mDFs7U7l0nmWu1BNinytbYbHgCgn/yz
wocoo3oZbPYOGO3DYqepDZE=
=pnJ/
-----END PGP SIGNATURE-----





BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org