Cześć Maciek :) On Thu, 28 Feb 2002, Maciej Soltysiak wrote:
> i did some quick research on this. > > i recommend using multiple unclean matches > one for icmp, one for tcp, and so on [..] > > a XMAS scan will not show anything. port is closed :) There is other behaviour then scanning DNATed IPs I can see that UDP ports looks always opened and opened tcp ports also looks opened regardless of what tricks with unclean you use, closed DENYed ports looks filtered. I have been considering if it was DNAT specyfic or it depends of configuration of box doing DNAT but I have no possibility to test it. Regards tw -- ---------------- ck.eter.tym.pl
