Re: firewalk and nmap

From: fatb (fatb@security.zz.ha.cn)
Date: Thu Aug 18 2005 - 11:43:45 EDT


I thought the two results mean the same thing.
If a "closed" port runs some daemon to listen for incoming requests, it means "open".
At this time, the hacker will make use of the "closed" port to bind a shell.

----- Original Message -----
From: "Christian Perst" <chris_perst@gmx.de>
To: <pen-test@securityfocus.com>
Sent: Wednesday, August 17, 2005 2:53 PM
Subject: firewalk and nmap

> Hi list,
>
> three years ago I could read that firewalk is better for
> testing ACLs on firewalls compared to nmap.
>
> Today I can test with nmap if a port on a machine is open (Syn -
> Syn-ack), closed or unfiltered (Syn - Rst-ack) and filtered (Syn
> - nothing).
> If firewalk does the scan on the firewall in front of the server
> I get open, closed and filtered. Isn't the closed port from nmap
> the same as an open port on the firewall?
>
>
> e.g.
>
> -->-------------FW--------------Server
>                 open ports:     ports: 80
>                 22 80
>
> nmap will show:
> 22 closed
> 80 open
> .. filtered
>
> firewalk:
> 22 A! open (port not listen)
> 80 A! open (port listen)
> .. *no response*
>
> If a port with nmap is closed, it surely is not filtered by the FW,
> since I get a RST back.
> So is there a difference anymore? Are there any settings where
> firewalk can take advantage of?
>
> Thanks,
> Chris
>


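The following simulation is an added example and is not code from either poster, from nmap or from firewalk. It models the scenario in the thread (FW permits 22 and 80, server listens on 80 only) and then a second, constructed scenario in which the server itself silently drops packets to ports it does not listen on. The `Network` model, the `host_drops` flag and the assumption that a hop exists beyond the FW to answer firewalk's expired probes are all simplifications introduced here; real firewalk also needs that "metric" hop, and real nmap has more states than the three modelled.

```python
"""Toy model of how nmap and firewalk classify one destination port.

Added example, not part of the thread or of either tool.  One filtering
gateway (FW) with a permit list, one server behind it with a set of
listening ports.  The point of the model: nmap reports what the END HOST
answers, firewalk reports what the GATEWAY lets through.
"""
from dataclasses import dataclass


@dataclass
class Network:
    fw_permit: set            # destination ports the FW ACL lets through
    server_listen: set        # ports with a daemon listening on the server
    host_drops: bool = False  # constructed: server silently drops SYNs to
                              # non-listening ports (e.g. a host firewall)


def nmap_state(net: Network, port: int) -> str:
    """State nmap reports for a SYN probe sent end-to-end to the server."""
    if port not in net.fw_permit:
        return "filtered"        # SYN dropped at the FW: nothing comes back
    if port in net.server_listen:
        return "open"            # server answers SYN/ACK
    if net.host_drops:
        return "filtered"        # FW passed it, but the server drops it:
                                 # indistinguishable from FW filtering
    return "closed"              # server answers RST/ACK


def firewalk_state(net: Network, port: int) -> str:
    """State firewalk reports for the same port.

    firewalk sends probes with the TTL set to expire one hop past the FW.
    A permitted probe crosses the FW and the next hop answers ICMP time
    exceeded ('A!', reported open).  A denied probe dies at the FW and
    nothing comes back.  The server's own behaviour never matters: the
    probe expires before any TCP handshake can happen.
    Simplification (assumed here): a routed hop beyond the FW exists.
    """
    return "open" if port in net.fw_permit else "no response"


def compare(net: Network, ports) -> dict:
    """Map each port to (nmap state, firewalk state)."""
    return {p: (nmap_state(net, p), firewalk_state(net, p)) for p in ports}


def acl_permitted_from_nmap(state: str) -> bool:
    """Can 'the FW ACL permits this port' be inferred from nmap alone?

    'open' and 'closed' both prove the SYN reached the server, so yes.
    'filtered' is ambiguous: dropped at the FW, or dropped by the host.
    """
    return state in ("open", "closed")


# Scenario from the thread: FW permits 22 and 80, server listens on 80 only.
THREAD_NET = Network(fw_permit={22, 80}, server_listen={80})

# Constructed variant: same ACL, but the server drops what it does not
# listen on.  Here nmap and firewalk disagree about port 22.
DROPPING_NET = Network(fw_permit={22, 80}, server_listen={80}, host_drops=True)


if __name__ == "__main__":
    for name, net in (("thread scenario", THREAD_NET),
                      ("server drops non-listening ports", DROPPING_NET)):
        print(name)
        for port, (n, f) in compare(net, [22, 80, 443]).items():
            print(f"  {port:>4}  nmap={n:<12} firewalk={f}")
```

In the thread scenario the two tools agree: nmap's "closed" on 22 and firewalk's "A! open" on 22 both say the ACL passes the port, which is Chris's observation. In the second scenario nmap reports 22 as "filtered" although the FW passes it, because the RST that nmap relies on never arrives; firewalk still reports it open, since its verdict comes from the hop past the gateway rather than from the server. That is the case where firewalk tells the defender something nmap cannot: which ACL entries are actually permitting traffic, independent of what the host behind them does with it.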

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:45 EDT