[lwip-users] TCP SYN to UDP port

2016-04-13 Thread Esa Hill
Hello, When nmap scan is executed against our device (LwIP 1.4.1), it responds with RST for SYN even when the socket/port is listening only UDP "connections". Is this correct behavior (does some RFC say something about this?) or should it just drop silently the SYN packet as it does for unused

Re: [lwip-users] TCP SYN to UDP port

2016-04-15 Thread Sergio R. Caprile
So,
TCP SYN to port A returns RST
TCP SYN to port x for every x != A returns nothing.
There is no app listening to TCP port A
There is an app listening to UDP port A
Did I get it properly?

I don't think that is correct behaviour. AFAIK TCP knows nothing about UDP and vice versa, same port number

Re: [lwip-users] TCP SYN to UDP port

2016-04-17 Thread Esa Hill
Yes, that is correct. I opened a new socket to new (random) port 5 and then ran nmap scan to ports 49998-50002. No reply from ports except 5 which sends RST. Wireshark log attached.

Nmap command: nmap -p 49998-50002 -v -n --scan-delay 1ms -r 192.168.0.11

Nmap results: 49998/tcp filte

Re: [lwip-users] TCP SYN to UDP port

2016-04-18 Thread Simon Goldschmidt
Esa Hill wrote:
> When nmap scan is executed against our device (LwIP 1.4.1), it responds with RST for SYN even
> when the socket/port is listening only UDP “connections”.
>
> Is this correct behavior (does some RFC say something about this?) or should it just drop silently
> the SYN packet

Re: [lwip-users] TCP SYN to UDP port

2016-04-18 Thread Esa Hill
-----Original Message-----
From: lwip-users [mailto:lwip-users-bounces+esa.hill=wapice@nongnu.org] On Behalf Of Simon Goldschmidt
Sent: 18 April 2016 10:45
To: lwip-users@nongnu.org
Subject: Re: [lwip-users] TCP SYN to UDP port

Esa Hill wrote:
> When nmap scan is executed against our

Re: [lwip-users] TCP SYN to UDP port

2016-04-18 Thread Simon Goldschmidt
Esa Hill wrote:
> I already studied it a bit, but I wasn't sure where I could get information
> that we are handling a UDP socket there.
> Or could I assume that it's not a TCP socket and therefore skip the RST?

I totally don't get that question.

> I forgot to say that we have a list of open por

Re: [lwip-users] TCP SYN to UDP port

2016-04-18 Thread Sergio R. Caprile
So, summarizing, that RST was leaking your filter, one that was filtering out all other RSTs sent as response on unused TCP ports:

    You                        Your port        lwip
    TCP SYN on port x   -->       -->           let me see
    silence                      block!    <--  RST
    TCP SYN on port A -

Re: [lwip-users] TCP SYN to UDP port

2016-04-18 Thread Esa Hill
> Well, thanks for not saying this earlier ;-) Of course, if you almost
> randomly filter out packets, you can't expect us to explain the observed
> behaviour.

My apologies.

> Before implementing such a change, you should obviously know very well what
> you are doing (e.g.: UDP has really and

Re: [lwip-users] TCP SYN to UDP port

2016-04-18 Thread Esa Hill
> So, summarizing, that RST was leaking your filter, one that was filtering out
> all other RSTs sent as response on unused TCP ports:

We are filtering only incoming packets. LwIP does not see these packets at all. The port check does not currently check protocol, so the SYN passes the check wh

Re: [lwip-users] TCP SYN to UDP port

2016-04-18 Thread Sergio R. Caprile
> I could fix this issue there by checking the protocol too. Then
> there is no need to touch LwIP. Thank you for this idea :)

Thank the guys at DEC and Bell Labs who invented the packet filtering firewall in the late 80's.
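
The filter change discussed in the last messages (matching on protocol as well as port before a packet reaches the stack), sketched as an added example that is not code from the thread or from lwIP. The open-port table layout, the function names and port 40000 are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* IANA IP protocol numbers. */
#define PROTO_TCP 6
#define PROTO_UDP 17

/* Hypothetical open-port list entry; the thread does not show the real one. */
struct open_port {
    uint8_t  proto;
    uint16_t port;
};

/* Constructed sample: one UDP service, no TCP listeners. */
static const struct open_port open_ports[] = {
    { PROTO_UDP, 40000 },
};
#define N_OPEN (sizeof open_ports / sizeof open_ports[0])

/* Port-only check as described in the thread: the protocol is ignored. */
static bool filter_port_only(uint8_t proto, uint16_t dport)
{
    (void)proto;
    for (size_t i = 0; i < N_OPEN; i++)
        if (open_ports[i].port == dport)
            return true;   /* passed up to the stack */
    return false;          /* dropped before the stack sees it */
}

/* Protocol-aware check: protocol and port must both match an entry. */
static bool filter_proto_port(uint8_t proto, uint16_t dport)
{
    for (size_t i = 0; i < N_OPEN; i++)
        if (open_ports[i].proto == proto && open_ports[i].port == dport)
            return true;
    return false;
}

int main(void)
{
    /* A TCP SYN to the UDP-only port passes the port-only filter, so the stack sees it and answers RST. */
    printf("port-only  tcp/40000: %s\n", filter_port_only(PROTO_TCP, 40000) ? "pass" : "drop");
    printf("proto+port tcp/40000: %s\n", filter_proto_port(PROTO_TCP, 40000) ? "pass" : "drop");
    printf("proto+port udp/40000: %s\n", filter_proto_port(PROTO_UDP, 40000) ? "pass" : "drop");
    return 0;
}
```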