--- hic sonni <[EMAIL PROTECTED]> wrote:
> Hi all, Ive done nmap scan, I got:
>
> 6666/tcp open|filtered irc-serv
> 6667/tcp open|filtered irc
> 6668/tcp open|filtered irc
>
> what does it mean (open|filtered)??
RTFM?
nmap manual:
-sF -sX -sN
Stealth FIN, Xmas Tree, or Null scan modes: [...]
The idea is that closed ports are required to reply to your
probe packet with an RST, while open ports must ignore the pack-
ets in question (see RFC 793 pp 64). Filered ports also tend to
drop probes without a response, so Nmap considers ports
"open|filtered" when it fails to elicit any response.
No RST received == "open|filtered"
Try a SYN or an ACK scan. The prior will work unless the remote
system/site monkeys with you (too many probes in too short of a
time, scanning a monitored port that triggers something, etc). The
latter is good against stateless firewalls.
You can see if a ACK works by trying it out on something known to
be open. The same goes w/ a SYN scan that returned a RST and w/ a
FIN scan (Null and Xmas are very noisy). And then there's SYN+FIN
and SYN+RST scanning (using the mysterious, undocumented
--scanflags option)...
HTH,
Jon
__________________________________
Yahoo! Mail - PC Magazine Editors' Choice 2005
http://mail.yahoo.com
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
