On Tue, May 28, 2002 at 10:16:13PM +0200, Maciej Soltysiak wrote:

> 1. A SYN-ACK response: this means the port is open and accepting connections
> 
> 2. An ICMP 'port unreachable' meaning the port is closed and not accepting 
> connections.

As Joe once pointed out: 'port unreachable' is not being used for TCP.
RST is being used for TCP.

> 3. Nothing at all, which tells nmap that something is blocking access, 
> because a normal TCP/IP stack would respond with one or other of the above.
> 
> (There are other possibilities such as ICMP redirect, TCP RST etc: I'm not 
> sure what nmap tells you when it gets one of these)

"ICMP redirect" is not one of them for some reasons:

1) ICMP redirect is only meant for the same subnet.
2) Sending ICMP redirect does not mean that you drop the original
   packet. You process the original packet and in the meanwhile
   you send an ICMP redirect to tell the (intermediate) sender that
   there is a better hop to forward the packets to.
3) ICMP redirect does not have to be end-to-end.
...

Ramin
