RE: DENY x REJECT

From: Frank Knobbe (FKnobbe@KnobbeITS.com)
Date: 10/04/01


Message-ID: <32CD6FE22EAB444BB1D27C10949A0E7C14FD57@server1.home.knobbeits.com>
From: Frank Knobbe <FKnobbe@KnobbeITS.com>
To: 'Rosenau' <rosenau@netsec.com.br>, pen-test@securityfocus.com
Subject: RE: DENY x REJECT
Date: Thu, 4 Oct 2001 14:44:03 -0500 



> -----Original Message-----
> From: Rosenau [mailto:rosenau@netsec.com.br]
> Sent: Wednesday, October 03, 2001 10:53 AM
>
> Does anybody know a port scanner that could distinguish a "deny" filtered
> tcp port (firewall drops packets for the port) from a "reject" filtered tcp
> port (firewall returns an ICMP - port unreachable)?
>
> Nmap seems to report both cases simply as "filtered". Actually, both cases
> are filtered, but when you receive an ICMP, you can be sure that the port is
> really filtered. If you do not receive anything, the port could be filtered,
> or packets could have been lost...

I always run a tcpdump session along with scans to watch for
interesting stuff like that. Also, variations in the responding TTL
will give clues where systems are located during sweep scans.

tcpdump is your friend ;)

Regards,
Frank

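
The deny/reject distinction discussed in this thread, as an added example that is not part of the original messages: a Python sketch that reads `tcpdump -n` text output captured alongside a scan and sorts each probed port into open, closed, rejected, or no reply. The sample capture, the addresses and the names `classify`, `SYN`, `REPLY` and `ICMP` are constructed for illustration, and the line format is assumed to match the sample.

```python
import re

# Constructed sample of `tcpdump -n` text output: 192.0.2.10 sends SYN probes
# to 198.51.100.5 (documentation addresses, not data from the thread).
SAMPLE = """\
14:44:03.100 IP 192.0.2.10.40000 > 198.51.100.5.22: Flags [S], seq 1, win 1024, length 0
14:44:03.101 IP 198.51.100.5.22 > 192.0.2.10.40000: Flags [S.], seq 9, ack 2, win 5840, length 0
14:44:03.102 IP 192.0.2.10.40000 > 198.51.100.5.23: Flags [S], seq 1, win 1024, length 0
14:44:03.103 IP 198.51.100.5.23 > 192.0.2.10.40000: Flags [R.], seq 0, ack 2, win 0, length 0
14:44:03.104 IP 192.0.2.10.40000 > 198.51.100.5.25: Flags [S], seq 1, win 1024, length 0
14:44:03.105 IP 198.51.100.1 > 192.0.2.10: ICMP 198.51.100.5 tcp port 25 unreachable, length 48
14:44:03.106 IP 192.0.2.10.40000 > 198.51.100.5.80: Flags [S], seq 1, win 1024, length 0
14:44:04.106 IP 192.0.2.10.40001 > 198.51.100.5.80: Flags [S], seq 1, win 1024, length 0
"""

# "[S]" is a bare SYN probe; "[S.]" is SYN-ACK; "[R]" / "[R.]" is a reset.
SYN = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[S\]")
REPLY = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[(S\.|R\.?)\]")
# The ICMP sender may be a firewall in the path, so only the embedded
# destination address and port are compared with the target.
ICMP = re.compile(r"IP \S+ > (\S+): ICMP (\S+) tcp port (\d+) unreachable")

def classify(capture, scanner, target):
    """Return {port: state} for every SYN probe the scanner sent to target."""
    state = {}
    for line in capture.splitlines():
        if m := SYN.search(line):
            if m.group(1) == scanner and m.group(3) == target:
                # Stays at this value only if nothing ever answers the probe.
                state.setdefault(int(m.group(4)), "no reply (dropped or lost)")
        elif m := REPLY.search(line):
            if m.group(1) == target and m.group(3) == scanner:
                state[int(m.group(2))] = "open" if m.group(5) == "S." else "closed"
        elif m := ICMP.search(line):
            if m.group(1) == scanner and m.group(2) == target:
                state[int(m.group(3))] = "rejected (ICMP port unreachable)"
    return state

if __name__ == "__main__":
    for port, verdict in sorted(classify(SAMPLE, "192.0.2.10", "198.51.100.5").items()):
        print(port, verdict)
```

A port that stays at "no reply" after repeated probes is more likely dropped than lost, but the capture alone cannot prove it.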
