Hi,
this is absolutely the expected behaviour. On target REJECT ipchains
is sending a RST packet back to nmap and so nmap 'thinks', ohh wow,
there must be a filter or something is blocking my SYN.
If you want to be invisible to SYN-scans just write DENY instead of
REJECT.
cu
Jörg.
--
Jörg Marx
secunet
Security Networks AG Tel./Fax: +49 351 43959 40
Ammonstraße 72 E-Mail: [EMAIL PROTECTED]
01067 Dresden
> -----Original Message-----
> From: gilles [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, July 08, 2001 10:08 AM
> To: [EMAIL PROTECTED]
> Subject: ipchains, the liar
>
>
> Hi,
>
> I've applied an ipchains command on my Linux box in order to
> test mysql on frontal
> server ... a dark story about DBI->connect errors between
> server and client.
> So, I've put
> ipchains -I input 1 ! -i lo -d 0/0 mysql -p tcp -j REJECT
> on a term and launched the mysql server, performed my tests
> on mysql on
> localhost and then I've shut it down but I've got this:
>
> [root@depht ddclient-3.4.2]# nmap -sS 10.0.0.10 -P0 -p3306
>
> Starting nmap V. 2.30BETA17 by [EMAIL PROTECTED] (
> www.insecure.org/nmap/ )
> Interesting ports on (10.0.0.10):
> Port State Service
> 3306/tcp filtered mysql
>
> Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds
>
> This port doesn't appear in the `netstat -ln` command. Do you have an idea?
>
> gilles
> --
> Stop stealing, the state doesn't like competition!
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> http://lists.gnac.net/mailman/listinfo/firewalls
>
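How a SYN scanner turns the reply to one probe into the State column of the nmap output quoted above, as an added example that is not part of the original thread. It follows nmap's documented SYN-scan rules (SYN/ACK is open, RST is closed, an ICMP unreachable error or no reply at all is filtered); every packet, the scanner address 10.0.0.1 and the source port 40000 are constructed for illustration.

```python
import socket
import struct

# ICMP type 3 codes that nmap's documentation maps to "filtered" in a SYN scan.
FILTERED_CODES = {1, 2, 3, 9, 10, 13}

def ipv4(proto, payload, src, dst):
    """Constructed IPv4 header (checksum left at 0; the parser does not verify it)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + payload

def tcp(sport, dport, flags):
    """Constructed 20-byte TCP header carrying the given flag byte."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)

def classify_syn_reply(reply, probe_dport):
    """Port state for the raw IPv4 reply to one SYN probe (None = no reply at all)."""
    if reply is None:
        return "filtered"                      # probe dropped silently, as DENY does
    ihl = (reply[0] & 0x0F) * 4
    proto, body = reply[9], reply[ihl:]
    if proto == 6 and struct.unpack("!H", body[0:2])[0] == probe_dport:
        flags = body[13]
        if flags & 0x04:
            return "closed"                    # RST: no listener and no filter answering
        if (flags & 0x12) == 0x12:
            return "open"                      # SYN/ACK from a listening service
    if proto == 1 and body[0] == 3 and body[1] in FILTERED_CODES:
        inner = body[8:]                       # quoted IP header + first 8 bytes of the probe
        off = (inner[0] & 0x0F) * 4
        if inner[9] == 6 and struct.unpack("!H", inner[off + 2:off + 4])[0] == probe_dport:
            return "filtered"                  # a packet filter answered with an ICMP error
    return "unrelated"

def demo():
    """Classify four constructed replies to a SYN probe sent to 10.0.0.10:3306."""
    scanner, target = "10.0.0.1", "10.0.0.10"  # scanner address is an assumption
    probe = ipv4(6, tcp(40000, 3306, 0x02), scanner, target)
    icmp_err = struct.pack("!BBHI", 3, 3, 0, 0) + probe[:28]  # type 3 code 3, port unreachable
    replies = {
        "rst": ipv4(6, tcp(3306, 40000, 0x14), target, scanner),
        "synack": ipv4(6, tcp(3306, 40000, 0x12), target, scanner),
        "icmp_unreachable": ipv4(1, icmp_err, target, scanner),
        "no_reply": None,
    }
    return {name: classify_syn_reply(pkt, 3306) for name, pkt in replies.items()}

if __name__ == "__main__":
    print(demo())
```

On the real host, a capture of the reply to the probe shows which of these cases applies.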