[ale] Nmap + filtered ports

Chris Ricker kaboom at oobleck.net
Fri Dec 16 18:27:53 EST 2005


On Fri, 16 Dec 2005, Brian MacLeod wrote:

> Right, I think I understand this.  But the flip side to this is that the
> attacker now knows that there is a machine there, whereas if you drop the
> packet, he doesn't know whether it is because of a firewall dropping packets
> or because it is an unused IP address.  If my assumption is correct, hackers
> are not going to want to investigate this further since it could be a waste
> of time.

Not exactly

You usually get an active response from somewhere for an unused IP address 
- things like ICMP host unreachables from the switch upstream, etc

later,
chris



More information about the Ale mailing list