RE: Data Interpretation

["David Gillett" <gillettdavid () fhda edu>]

> On 2009-03-17 David Gillett wrote:
> >   Neither of these things is happening, and nmap can't tell why not.
> > SOMETHING must be listening, since no ICMP packet was 
> received back, 
> > but clearly it's not a normal process. The most likely scenario is 
> > that a firewall or other security measure is dropping the 
> SYN packet 
> > without deigning to respond.
>
> Packet filters aren't really listening (at least not in the 
> TCP sense of the word).

  Agreed, although I'd say that this is closer to the English definition
of listen than the TCP sense which carries additional implications.

 
> >   This is, in fact, exactly what you want.
>
> I have to disagree. What you actually want in a situation 
> like that is the firewall to respond with a RST.

  I'm aware of arguments for and against sending an RST; I considered
them beyond the scope of the present question.  But certainly if these
services were merely unsupported and not actively hostile, sending an
RST would be the correct and polite thing to do.
  And that would tell nmap that the port was actively being blocked....

David Gillett


------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Find the source of cybercrime! Almost every crime today involves a computer or mobile device. Learn how to become a 
Computer Forensics Examiner in InfoSec Institute's hands-on Computer Forensics Course. Up to three industry recognized 
certs available, online computer forensics training available. 

http://www.infosecinstitute.com/courses/computer_forensics_training.html
------------------------------------------------------------------------