- To: <slug@xxxxxxxxxxx>
- Subject: RE: [SLUG] stealthed ports
- From: "Visser, Martin" <martin.visser@xxxxxx>
- Date: Mon, 6 Jun 2005 07:56:19 +1000
- Thread-index: AcVp0RnWbsxRkWrNQGOMW54NA64m+QAR5V1A
- Thread-topic: [SLUG] stealthed ports
Kazik,
As Chris said try nmapping from outside. (If you think you are ready
publish, your IP name/address here and some of us will probably try and
hit you. Of course if your on the net already you have probably been
scanned many time already ;-)
A scanner detecting a port as in stealth simply means that it never got
a response on that port. (As opposed to open which means it received an
ACK and closed which means it got a RST). Of course if your link (or
sygate's) was congested when the scan was run it could be the scanner
didn't get a response in time and moved on to the next port.
If you turn up the logging level on your iptables firewall you can of
course see the incoming hits and verify that your firewall at least is
logging that it is doing what it is supposed to.
Martin
Martin Visser, CISSP
Network and Security Consultant
Consulting & Integration
Technology Solutions Group - HP Services
410 Concord Road
Rhodes NSW 2138
Australia
Mobile: +61-411-254-513
Fax: +61-2-9022-1800
E-mail: martin.visserAThp.com
This email (including any attachments) is intended only for the use of
the individual or entity named above and may contain information that is
confidential, proprietary or privileged. If you are not the intended
recipient, please notify HP immediately by return email and then delete
the email, destroy any printed copy and do not disclose or use the
information in it.
-----Original Message-----
From: slug-bounces@xxxxxxxxxxx [mailto:slug-bounces@xxxxxxxxxxx] On
Behalf Of Chris Deigan
Sent: Sunday, 5 June 2005 11:18 PM
To: slug@xxxxxxxxxxx
Subject: Re: [SLUG] stealthed ports
quote("Kazik Malenczak");
>open grc says 113 is open and sygate says all ports are stealthed.
>Could someone tell me what is the best place to get a reliable scan
>done and why i get such widely varying results.
Run nmap from a remote box.
No idea about those sites though.
-Chris.
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
SLUG Mailing List Archives