On Tue, 02 Dec 2003 13:19:14 -0500, Chris Brenton <cbrenton@xxxxxxxxxxxxxxxx> wrote in message <1070389153.2057.34.camel@grendel>:

> Greetings!
>
> On Tue, 2003-12-02 at 11:26, Thomas Preissler wrote:
> >
> > I mean, that it looks like that the computer with the ip x is not
> > reachable as the same as it is, when you address an ip that
> > addresses no computer, i.e. is an unused ip.
>
> Then using a "drop" is not quite the same. Let's say you have no
> firewall and someone sends a packet to an unused IP:
>
> packet is received by your edge router
> router realizes the target IP is local off of one interface
> router sends 3 ARP requests for the IP
> When no ARP reply is received, router gives up and returns a host
> unreachable to the source IP
>
> Again, nmap expects the above which is why it reports "filtered" when
> it hits your drop rule. This is why you can mess up its results by
> returning host unreachables.

..so, to play dead, we really oughtta wait for the 3'rd "ping" before
firing off the "Destination Host Unreachable"?

--
..med vennlig hilsen = with Kind Regards from Arnt... ;-)
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three:
  best case, worst case, and just in case.
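
The host unreachable that the quoted reply describes the router returning, as an added example that is not part of the original thread: it builds the ICMP type 3, code 1 message defined in RFC 792 and decodes what the sender of the probe can read back from it. The addresses, ports and function names are constructed for illustration.

```python
import socket
import struct

ICMP_DEST_UNREACH, ICMP_HOST_UNREACH = 3, 1   # RFC 792 type 3, code 1


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def sample_probe() -> bytes:
    """Constructed TCP SYN to an unused address (documentation ranges)."""
    src, dst = socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.7")
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0, 64, 6, 0, src, dst)
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 0x50, 0x02, 1024, 0, 0)
    return ip + tcp


def build_host_unreachable(probe: bytes) -> bytes:
    """Error a router sends after ARP fails: quotes IP header + 8 bytes."""
    ihl = (probe[0] & 0x0F) * 4
    quoted = probe[:ihl + 8]
    body = struct.pack("!BBHI", ICMP_DEST_UNREACH, ICMP_HOST_UNREACH, 0, 0) + quoted
    csum = inet_checksum(body)
    return body[:2] + struct.pack("!H", csum) + body[4:]


def parse_unreachable(icmp: bytes) -> dict:
    """Decode the error as the probe's sender (or an IDS) would."""
    if len(icmp) < 36 or inet_checksum(icmp) != 0:
        raise ValueError("truncated or corrupt ICMP message")
    icmp_type, code = icmp[0], icmp[1]
    inner = icmp[8:]                       # quoted copy of the original packet
    ihl = (inner[0] & 0x0F) * 4
    sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
    return {"type": icmp_type, "code": code, "proto": inner[9],
            "src": socket.inet_ntoa(inner[12:16]),
            "dst": socket.inet_ntoa(inner[16:20]),
            "sport": sport, "dport": dport}


if __name__ == "__main__":
    print(parse_unreachable(build_host_unreachable(sample_probe())))
```

The quoted header is what ties the error to one specific probe, so a device that answers with host unreachables has to echo the offending packet's header and first 8 payload bytes for the reply to be accepted as belonging to it.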