[ale] Nmap + filtered ports
Chris Ricker
kaboom at oobleck.net
Wed Dec 7 18:30:32 EST 2005
On Wed, 7 Dec 2005, James P. Kinney III wrote:
> On Wed, 2005-12-07 at 16:43 -0500, Christopher Fowler wrote:
> > Can someone tell me how nmap sees "filtered" ports? I've got my rule set
> > to reject and nmap can see that something is there but it is being
> > rejected. I thought "REJECT" would appear as if there was no one
> > bind()'ing on that port?
> >
> >
> -j REJECT --reject-with icmp-host-prohibited

Unbound TCP ports should return a reset, so

    iptables -p tcp -j REJECT --reject-with tcp-reset

would be preferable - looks the same as if the tcp port's not bound.

For udp,

    iptables -p udp -j REJECT

does the right thing (ICMP port unreachable) by default.

later,
chris
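
Added example, not part of the original post: a small Python check that reads rules in iptables-save syntax and predicts the port state nmap's SYN scan (tcp) or UDP scan (udp) reports for each REJECT or DROP rule, following the closed/filtered distinction discussed above. The sample rules and port numbers are constructed, and the helper names (nmap_state, opt, audit) are illustrative.

```python
import shlex

# iptables --reject-with name -> ICMP (type, code). Only codes that nmap's
# documentation lists for its SYN/UDP scans; "tcp-reset" is handled separately.
REJECT_ICMP = {
    "icmp-host-unreachable": (3, 1), "icmp-proto-unreachable": (3, 2),
    "icmp-port-unreachable": (3, 3), "icmp-net-prohibited": (3, 9),
    "icmp-host-prohibited": (3, 10), "icmp-admin-prohibited": (3, 13),
}

def nmap_state(proto, reply):
    """Port state nmap -sS (tcp) or -sU (udp) reports for the firewall's reply."""
    if reply == "none":                       # DROP: probe goes unanswered
        return "filtered" if proto == "tcp" else "open|filtered"
    if reply == "tcp-reset":                  # same RST an unbound TCP port sends
        return "closed" if proto == "tcp" else "unknown"
    icmp = REJECT_ICMP.get(reply)
    if icmp is None:
        return "unknown"
    # An unbound UDP port answers with ICMP port unreachable (3/3).
    return "closed" if (proto, icmp) == ("udp", (3, 3)) else "filtered"

def opt(tok, flag, default=None):
    """Value following `flag` in a tokenized rule, or `default`."""
    i = tok.index(flag) if flag in tok else -1
    return tok[i + 1] if 0 <= i < len(tok) - 1 else default

def audit(ruleset):
    """Return (rule, reply, nmap_state) for each tcp/udp REJECT or DROP rule."""
    out = []
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        proto, target = opt(tok, "-p"), opt(tok, "-j")
        if proto not in ("tcp", "udp") or target not in ("REJECT", "DROP"):
            continue
        reply = "none" if target == "DROP" else opt(
            tok, "--reject-with", "icmp-port-unreachable")  # iptables default
        out.append((line.strip(), reply, nmap_state(proto, reply)))
    return out

# Constructed sample in iptables-save syntax (ports are made up).
SAMPLE = """\
-A INPUT -p tcp -m tcp --dport 8080 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 8081 -j REJECT --reject-with tcp-reset
-A INPUT -p udp -m udp --dport 5353 -j REJECT
-A INPUT -p tcp -m tcp --dport 8082 -j DROP
"""

if __name__ == "__main__":
    for rule, reply, state in audit(SAMPLE):
        print(f"{state:13} {reply:22} {rule}")
```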