On Sun, 2003-11-23 at 22:32, Eamon Caddigan wrote:
> Interestingly, I need to run 'nmap -PT<port> <ip>', where <port> is one
> of the ports I've opened, to make nmap realize the host isn't down.
> Presumably, this is because port 80 is closed -- but why would it, and
> all others, be reported as "filtered"?
>

Because the packets are fragmented, and the fragments get through your
firewall. To see them being completely closed, you need to use
connection tracking. This will cause the packets to be reassembled before
they are filtered.
--
Molnar Peter <[EMAIL PROTECTED]>
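An added example, not part of the original message: a simplified Python model of the behaviour the reply describes, comparing a filter that judges each fragment on its own with one that reassembles first. The packet values, the `OPEN_PORTS` policy, the 8-byte fragment size and all function names are constructed for illustration, and the per-fragment filter is an assumed model of a firewall that matches ports without reassembling.

```python
import struct

OPEN_PORTS = {22}  # constructed policy: only TCP/22 is allowed in

def tcp_syn(sport, dport):
    """Minimal 20-byte TCP header with the SYN flag set (checksum left 0)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 1024, 0, 0)

def fragment(ip_id, payload, size=8):
    """Split an IP payload into fragments; offset is in 8-byte units."""
    chunks = [payload[i:i + size] for i in range(0, len(payload), size)]
    return [{"id": ip_id, "offset": i * size // 8, "mf": i < len(chunks) - 1,
             "data": c} for i, c in enumerate(chunks)]

def port_rule(tcp_bytes):
    """The port policy: needs at least the first 4 bytes of the TCP header."""
    dport = struct.unpack("!H", tcp_bytes[2:4])[0]
    return "ACCEPT" if dport in OPEN_PORTS else "DROP"

def filter_per_fragment(frags):
    """Assumed model of filtering without reassembly: only the first fragment
    carries the ports, so later fragments cannot match the port rule and pass."""
    return [port_rule(f["data"]) if f["offset"] == 0 else "ACCEPT" for f in frags]

def reassemble(frags):
    """Rebuild the original payload; return None if the set is incomplete."""
    frags = sorted(frags, key=lambda f: f["offset"])
    if not frags:
        return None
    data = b""
    for f in frags:
        if f["offset"] * 8 != len(data):  # gap or overlap: refuse
            return None
        data += f["data"]
    return None if frags[-1]["mf"] else data

def filter_after_reassembly(frags):
    """Model of filtering with connection tracking: the datagram is rebuilt
    first, so the port rule gives one verdict for the whole packet."""
    whole = reassemble(frags)
    return "DROP" if whole is None else port_rule(whole)

if __name__ == "__main__":
    for port in (80, 22):  # constructed probes: one closed port, one open
        frags = fragment(ip_id=0x1234, payload=tcp_syn(40000, port))
        print(port, filter_per_fragment(frags), filter_after_reassembly(frags))
```
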
