Boryan,
 
I can think of a couple of possible ways to do it but they are highly dependent on the firewall software and the location of the attacker.
 
1. Applications, operating systems, services, etc. are often identified by their responses to certain packets. For example, it may be possible to find ports with service proxies running if they take more time to respond than ports without proxies. However, most firewalls don't generate any kind of response for packets they drop.
 
2. If properly located, the attacker might be able to "spoof" a connection from one of your trusted hosts and find the port that way. Again, this is difficult but not impossible.
 
-- Bill Stackpole, CISSP
 
  
----- Original Message -----
Sent: Wednesday, December 12, 2001 4:18 AM
Subject: Whether a port is Firewalled or just not opened

Hello, everybody. I'm a newbie in the firewall area :) so this question could sound a little bit silly.
 
I would like to ask you if there is a way to understand whether a port on a remote machine is firewalled or just not opened.
I use iptables to set up a firewall and I set an ACCEPT target for TCP port 80 for all "trusted" connections. All other connections to this port are DROP-ed (the INPUT chain policy is set to DROP). I'm curious whether someone could detect that the port exists but is firewalled, e.g. available just for a few hosts.
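
The distinction asked about above, seen from the connecting side, as an added example that is not part of the original messages: a closed port answers a SYN with a RST (connection refused), while a DROP rule or policy answers with nothing (timeout). The function names `classify`, `probe` and `audit` are hypothetical, and the loopback ports in the demo are constructed; the script is meant for checking your own host from an address that is not in the trusted list.

```python
import socket

def classify(exc):
    """Map the outcome of a TCP connect() to what an outside observer learns."""
    if exc is None:
        return "open"          # SYN/ACK came back: a service accepted the connection
    if isinstance(exc, ConnectionRefusedError):
        return "closed"        # RST came back: host is up, nothing listens there
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered"      # silence: consistent with a DROP rule or policy
    return "unreachable"       # any other error, e.g. no route to the host

def probe(host, port, timeout=2.0):
    """Attempt one TCP connection and classify the result."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return classify(None)
    except OSError as exc:
        return classify(exc)
    finally:
        sock.close()

def audit(host, ports, timeout=2.0):
    """Return ({port: state}, ports whose state differs from the most common one).

    A port that behaves differently from its neighbours is what gives a
    rule away: one silent port among ports that answer with RST stands out,
    whereas under a blanket DROP policy every port is equally silent.
    """
    states = {p: probe(host, p, timeout) for p in ports}
    counts = {}
    for state in states.values():
        counts[state] = counts.get(state, 0) + 1
    baseline = max(counts, key=counts.get)
    standouts = sorted(p for p, s in states.items() if s != baseline)
    return states, standouts

if __name__ == "__main__":
    # Constructed demo against loopback; replace host and ports with your own.
    states, standouts = audit("127.0.0.1", [80, 8080, 8443], timeout=1.0)
    for port, state in sorted(states.items()):
        print(f"{port:>5}  {state}")
    print("ports that differ from the rest:", standouts)
```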
 
 
