Penetration Testing mailing list archives
RE: Strange replies on closed port
From: "Lars Troen" <Lars.Troen () sit no>
Date: Wed, 1 Feb 2006 10:37:57 +0100
> a and b seem to be clear: a: firewalled host b: non-firewalled host

These observations seem to be correct.

> c and d are a bit strange: Who is responding with the icmp-messages: the target-host or a packetfilter? Especially the hping-message in d confuses me a bit. What should be the default behaviour for an ip-stack if it gets a SYN on a closed port?
The default behaviour is to send an icmp packet with port unreachable. Host d) is filtered by an access list on the router in front of the server.

Lars