On Thu, Nov 21, 2002 at 12:15:27PM +1300, Simon Byrnand wrote: > At 18:01 16/11/02 +0100, Miguel Angel Rodríguez Jódar wrote: > > [...] > This makes it possible to tell the difference with a scanner between a TCP > port which is really closed (sends a RST) and a TCP port that is firewalled > with REJECT. (Sends an ICMP DEST UNREACH)
A scanner checks the UDP ports by sending a packet if there is no answer it assumes that the port is open (if the machine is up) it is closed if there is a "port-unreachable-ICMP" message (as far as I understood the scanners) For TCP a scanner can differentiate between OPEN, CLOSED and FILTERED ports by the message that is comming back (or not comming back)... have a nice day Pierre > Regards, > Simon >