Re: Hacked - is it my turn? - interesting

To: Debian Security List <debian-security@lists.debian.org>
Subject: Re: Hacked - is it my turn? - interesting
From: Noah Meyerhans <frodo@morgul.net>
Date: Tue, 3 Feb 2004 09:10:26 -0500
Message-id: <[🔎] 20040203141026.GB2096@morgul.net>
Mail-followup-to: Noah Meyerhans <frodo@morgul.net>, Debian Security List <debian-security@lists.debian.org>
In-reply-to: <[🔎] 20040203043840.GA13318@nepomuk.stw.uni-duisburg.de>
References: <[🔎] 401DECCD.1050402@megahosted.com> <[🔎] Pine.LNX.3.96.1040202135231.13487A-100000@Maggie.Linux-Consulting.com> <[🔎] 20040202222839.GX2096@morgul.net> <[🔎] 20040203043840.GA13318@nepomuk.stw.uni-duisburg.de>

On Tue, Feb 03, 2004 at 05:38:40AM +0100, Philipp Schulte wrote:
> > Those ports are not showing up as open.  'Filtered' does not mean open.
> > If you run 'iptables -A INPUT -p tcp --dport 1524 -j REJECT' you'll get
> > this exact behavior, with nothing listening on these ports.
> 
> No, with REJECT they would show up as "closed". DROP produces
> "filtered".

Nope.  With REJECT, the kernel will send an ICMP port unreachable
response, which causes nmap to think "filtered".  If you add the
--reject-with tcp-reset flag to the iptables command, then the kernel
will send a TCP packet with the RST flag set, which indicates a closed
port.

noah

Attachment: pgpRk2fBD9XIC.pgp
Description: PGP signature

Reply to:

References:
- Re: Hacked - is it my turn?
  - From: Eric Nelson <en@megahosted.com>
- Re: Hacked - is it my turn? - interesting
  - From: Alvin Oga <aoga@ns.Linux-Consulting.com>
- Re: Hacked - is it my turn? - interesting
  - From: Noah Meyerhans <noahm@debian.org>
- Re: Hacked - is it my turn? - interesting
  - From: Philipp Schulte <pschulte@uni-duisburg.de>

Prev by Date: Re: Hacked - is it my turn? - interesting
Next by Date: Re: a problem with TCP port
Previous by thread: Re: Hacked - is it my turn? - interesting
Next by thread: Re: Hacked - is it my turn?
Index(es):
- Date
- Thread