never heard of any tests trying for that. maybe your ISP dropping some
ports (135-139, 445, etc. are common) and rejecting them and it saw the
unreachables as you connecting back?
Hard telling, sounds like a buggy testing tool to me though. if you can
recall what site it is, I'll check it out closer. basically impossible
to tell without seeing it.
A Rossi wrote:
I have a question regarding this very subject. When I first used m0n0wall
(yes, I know this is not m0n0wall, but just listen) I tested it with a bunch
of those firewall testing sites, I passed all of them, but this one said
that my firewall did a "counter-probe" or something that sounds similar.
Basically it described it as even though the firewall was "stealthed" (it
blocked all packets), it attempted to gain information on the intruder. The
tester assumed it was some kind of tracerouter and suggested that it be
turned off for added security.
Since pfSense is based on m0n0wall, I was wondering if it had the same
problem? I was also curious as to what the heck that tester was talking
about. So, if this longwinded and vague description reminds you of something
that you know of, please let me know.
Thanks.
