> May I ask you why you want to do this? Especially when you don't know > the difference between "ALL ACK" and "ACK ACK" ;-) He propably needs that to block nmap's initial ACK packet. If you tcpdump traffic generated by: nmap -s? -p 53 1.2.3.4
where ? is any of S,X,F,N. you will see: 1. icmp echo sent to 1.2.3.4 2. a single ACK packet to 1.2.3.4:80 3. The scan to 1.2.3.4:53 of course between 1 & 2 and 2 & 3 there may be packets generated by 1.2.3.4 as replies to those packets. If you block 1 (icmp echo request) nmap will say that the host is down, and will suggest using -P0 option. If you block 2, i don't know what happens, never looked into the sources. I guess that packets is meant to be a check for a primitive firewall. If there is one, that let's ACK in, and XMAS not, it _may_ be the case. Also maybe that ACK packet is used in OS fingerprinting. Maybe it checks for specific TCP parameters for the expected RST/ACK packet. Best Regards, Maciej Soltysiak
