[ale] Nmap + filtered ports
Bob Toxen
transam at verysecurelinux.com
Thu Dec 15 21:46:52 EST 2005
First, as noted previously, -j REJECT sends a packet back that nmap sees;
use DROP (or DENY if using Chains).
Second, generally it's best just to DROP all that you don't allow rather
than trying to get "clever". You probably don't know enough about networking
to outsmart nmap or other very clever scanners and thus just will "tip your
hand".
Bob Toxen
bob at verysecurelinux.com [Please use for email to me]
http://www.verysecurelinux.com [Network&Linux/Unix security consulting]
http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security 2/e"]
Quality Linux & UNIX security and SysAdmin & software consulting since 1990.
"Microsoft: Unsafe at any clock speed!"
-- Bob Toxen 10/03/2002
On Wed, Dec 07, 2005 at 04:54:36PM -0500, James P. Kinney III wrote:
> On Wed, 2005-12-07 at 16:43 -0500, Christopher Fowler wrote:
> > Can someone tell me how nmap sees "filtered" ports? I've got my rule se
> > to reject and nmap can see that something is there but it is being
> > rejected. I thought "REJECT" would appear as if there was no one bind
> > ()'ing on that port?
> >
> >
> -j REJECT --reject-with icmp-host-prohibited
>
> Shows on a nmap scan as "closed"
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://www.ale.org/mailman/listinfo/ale
> --
> James P. Kinney III \Changing the mobile computing world/
> CEO & Director of Engineering \ one Linux user /
> Local Net Solutions,LLC \ at a time. /
> 770-493-8244 \.___________________________./
> http://www.localnetsolutions.com
>
> GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
> <jkinney at localnetsolutions.com>
> Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
More information about the Ale
mailing list