Security Basics mailing list archives

Re: Data Interpretation


From: Ansgar Wiechers <bugtraq () planetcobalt net>
Date: Fri, 20 Mar 2009 08:17:18 +0100

On 2009-03-19 David Gillett wrote:
> > I have to disagree. What you actually want in a situation like that
> > is the firewall to respond with a RST.
> 
>   I'm aware of arguments for and against sending an RST; I considered
> them beyond the scope of the present question.  But certainly if these
> services were merely unsupported and not actively hostile, sending an
> RST would be the correct and polite thing to do.
>   And that would tell nmap that the port was actively being
> blocked...

Huh? Unless I'm missing something, sending an RST would emulate the
exact same behavior that a "bare" TCP/IP stack has. Silently dropping
packets is a much stronger indicator that a port is actively being
blocked.

Regards
Ansgar Wiechers
-- 
"The Mac OS X kernel should never panic because, when it does, it
seriously inconveniences the user."
--http://developer.apple.com/technotes/tn2004/tn2118.html
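The disagreement above comes down to what a SYN scanner can observe. The following is an added example, not code from either poster: it models the responder behaviours named in the thread (a bare stack with and without a listener, a firewall that silently drops, a firewall that answers with RST, and for comparison one that answers with an ICMP unreachable) and classifies each the way nmap's SYN scan does (SYN/ACK is open, RST is closed, ICMP unreachable or silence after retransmits is filtered). The policy labels, the retry count and the reply strings are constructed for the simulation; the classification rules follow nmap's documented port states.

```python
"""Simulate how a SYN scanner classifies a port under different
responder policies. Added example (not from the original thread).
The policy names, reply strings and retry count are constructed
assumptions; the state mapping follows nmap's documented port states."""
from dataclasses import dataclass
from typing import Optional

# Responder policies (constructed labels for the simulation).
BARE_OPEN = "bare_stack_open"           # service listening, no firewall
BARE_CLOSED = "bare_stack_closed"       # nothing listening, no firewall
FIREWALL_DROP = "firewall_drop"         # firewall silently discards the SYN
FIREWALL_RST = "firewall_reject_rst"    # firewall answers the SYN with RST
FIREWALL_ICMP = "firewall_reject_icmp"  # firewall answers with ICMP unreachable


def respond(policy: str) -> Optional[str]:
    """What the target sends back for a single SYN probe under the policy.
    None models silence (the probe is dropped)."""
    return {
        BARE_OPEN: "SYN/ACK",
        BARE_CLOSED: "RST",
        FIREWALL_DROP: None,
        FIREWALL_RST: "RST",
        FIREWALL_ICMP: "ICMP-unreachable",
    }[policy]


@dataclass
class ScanResult:
    state: str        # "open", "closed" or "filtered"
    probes_sent: int  # how many SYNs the scanner had to send


def syn_scan(policy: str, max_retries: int = 2) -> ScanResult:
    """Classify one port the way a SYN scanner does: a SYN/ACK means open,
    an RST means closed, an ICMP unreachable means filtered, and silence
    is retried a bounded number of times before being called filtered."""
    probes = 0
    while probes <= max_retries:
        probes += 1
        reply = respond(policy)
        if reply == "SYN/ACK":
            return ScanResult("open", probes)
        if reply == "RST":
            return ScanResult("closed", probes)
        if reply == "ICMP-unreachable":
            return ScanResult("filtered", probes)
        # reply is None: no answer, retransmit the SYN
    return ScanResult("filtered", probes)


def indistinguishable(policy_a: str, policy_b: str) -> bool:
    """True when the scanner reports the same state for both policies,
    i.e. the scanner cannot tell them apart from the port state alone."""
    return syn_scan(policy_a).state == syn_scan(policy_b).state


if __name__ == "__main__":
    for policy in (BARE_OPEN, BARE_CLOSED, FIREWALL_DROP,
                   FIREWALL_RST, FIREWALL_ICMP):
        print(f"{policy:24s} -> {syn_scan(policy)}")
```

Run as written, the RST-answering firewall and the bare closed port both come back as `closed` after a single probe, which is Ansgar's point: from the port state alone a scanner cannot tell them apart. The dropping firewall is reported `filtered` only after the scanner has exhausted its retransmits, which is both the stronger signal that something is blocking the port and the reason drop policies make scans slower.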
