----- Original Message -----
From: "Denis Vlasenko" <[EMAIL PROTECTED]>
To: "fooler" <[EMAIL PROTECTED]>; <[email protected]>; "Niels"
<[EMAIL PROTECTED]>
Sent: Friday, May 13, 2005 4:57 PM
Subject: Re: [squid-users] Re: RE: How do I hide port 3128?
> > the simple logic and attack of nmap is that, it send a *tcp syn* to the
> > target host... if the the target host reply a *tcp syn/ack*... then nmap
> > will display that port is *open* otherwise nmap will assumed that port
is
> > *filtered*... therefore, filtering thru packet filter, binding to
> > localhost, whatever trick you gonna do... it will give you the same
results
> > from nmap...
>
> Not entirely correct info.
>
> Filtering with -DROP will make host NOT answer SYNs to 3128 at all,
> thus nmap will show this port as 'filtered'.
your explanation is the same as mine... so what is incorrect in there?
> Binding squid to 127.0.0.1:3128 will make host reply with RSTs
> ("I don't have this port open, go away"), nmap will show 'closed'.
yes it will display *closed* when the target host reply with a RST packet...
but my statement above is only about when a target host replies either tcp
syn/ack or not at all....
fooler.
