Paul Robertson wrote: > On Thu, 18 Apr 2002, Michael Janke wrote: > > >>Tcpdump on the NMAP host shows that no packets have been returned to NMAP, >>yet NMAP concludes that the ports are open. Nmap generates a false positive? > > > NMAP knows that stacks will produce some sort of "not answering" thing > like a TCP RST if they're not listening on a specific port. It decides if > something is firewalled on that basis (it's in the nmap docs.) Perhaps > you're running into that? > > Paul > ----------------------------------------------------------------------------- > Paul D. Robertson "My statements in this message are personal opinions > [EMAIL PROTECTED] which may have no basis whatsoever in fact." >
Possibly. http://www.nmap.org/nmap/nmap_doc.html#fin Nmap seems to assume that the FIN packet was dropped because the OS port is open, instead of assuming that it was dropped because a firewall tossed it out. Oh well. -- ----------------------------------------- Michael Janke Director, Network Services Minnesota State Colleges and Universities ----------------------------------------- _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
