Re: Data Interpretation



On 2009-03-19 David Gillett wrote:
I have to disagree. What you actually want in a situation like that
is the firewall to respond with a RST.

I'm aware of arguments for and against sending an RST; I considered
them beyond the scope of the present question. But certainly if these
services were merely unsupported and not actively hostile, sending an
RST would be the correct and polite thing to do.
And that would tell nmap that the port was actively being
blocked....

Huh? Unless I'm missing something, sending an RST would emulate the
exact same behavior that a "bare" TCP/IP stack has. Silently dropping
packets is a much stronger indicator that a port is actively being
blocked.

Regards
Ansgar Wiechers
--
"The Mac OS X kernel should never panic because, when it does, it
seriously inconveniences the user."
--http://developer.apple.com/technotes/tn2004/tn2118.html

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class.
Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified Penetration Tester exams, taught by an expert with years of real pen testing experience.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------