
Re: blocking ports



[greg: please wrap your lines at 76 characters...]

also sprach Greg Hunt <greg@supplyedge.com> [2002.01.10.1850 +0100]:
> The reason it reports it as filtered is if someone tries to connect to
> a port on which you're not running a service, say port 12345, your
> server will respond back with a TCP/IP packet with the RST, ACK flags
> set (I know RST, I think ACK too). nmap sees this as closed. If you
> filter something out with iptables, a packet with RST flag is never
> sent back, nmap just times out trying to connect and assumes it's
> filtered. 

whoops. discard my ICMP port unreachable thingie. (when is that sent???)

> I'm not sure, but if you compile your kernel with iptables support and
> use the REJECT target support (which sends back an ICMP error in
> response to the attempted connection), nmap might say closed instead
> of filtered (although since it's different than a packet with RST set,
> maybe it still realizes it's filtered through a firewall).

iptables can even be made to do this too:

iptables -A ....... -j REJECT --reject-with tcp-reset

-- 
martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck
  
with searching comes loss
and the presence of absence:
file not found.
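The thread's point, written up as an added simulation that is neither nmap's code nor anything posted to the list: how a host's reply to a SYN probe depends on the iptables action that matches the port, and how the scanner turns that reply into open, closed or filtered. The action names follow the iptables targets quoted above; the set of ICMP unreachable codes that nmap reports as filtered is taken from nmap's port-scanning documentation.

```python
"""Constructed model of SYN-scan verdicts versus iptables action.

Not nmap's code: a probe gets one reply (or none) and the scanner maps it
to the verdicts discussed in the thread.
"""
from collections import namedtuple

Reply = namedtuple("Reply", "kind detail")  # kind: "tcp", "icmp" or "none"

# ICMP destination-unreachable codes that nmap treats as "filtered" for a
# TCP SYN probe (per the nmap port-scanning documentation).
FILTERED_ICMP_CODES = {1, 2, 3, 9, 10, 13}


def host_reply(action, listening):
    """Reply a Linux host sends to a SYN, given the iptables action that
    matches the port (None = no rule) and whether a service listens there."""
    if action is None:                  # no rule: the TCP stack itself answers
        return Reply("tcp", "SYN-ACK" if listening else "RST")
    if action == "DROP":                # silently discarded, nothing goes back
        return Reply("none", None)
    if action == "REJECT":              # default REJECT: ICMP port unreachable
        return Reply("icmp", 3)
    if action == "REJECT --reject-with tcp-reset":
        return Reply("tcp", "RST")      # indistinguishable from a closed port
    raise ValueError(f"unknown action {action!r}")


def scanner_verdict(replies):
    """Verdict from the replies to the first probe and its retransmissions.
    A scanner only calls a port filtered after every retry stays silent."""
    for r in replies:
        if r.kind == "tcp":
            return "open" if r.detail == "SYN-ACK" else "closed"
        if r.kind == "icmp" and r.detail in FILTERED_ICMP_CODES:
            return "filtered"
    return "filtered"                   # all probes timed out


def scan(action, listening=False, retries=2):
    """Simulate one SYN scan of a port: the host answers each probe the
    same way, so the reply is repeated once per retry."""
    return scanner_verdict([host_reply(action, listening)] * (retries + 1))
```

With no rule and no service the verdict is closed (RST), with DROP or plain REJECT it is filtered, and only REJECT with tcp-reset makes a firewalled port look closed.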
