Le ven 02/04/2004 à 22:00, Ranjeet Shetye a écrit : > you might have "/etc/hosts.allow" and "/etc/hosts.deny" files lying > around that WILL interfere, without you being aware of what's happening. A port scan will see thoses ports as opened, as an application wrapper, such as tcpd, needs the TCP connection establishment to complete for getting client IP from the socket. It's something like Client Server ----- SYN ----> <-- SYN/ACK --- ----- ACK ----> Check for client IP => forbiden <-- RST/ACK --- When you portscan, you consider the port as opened as soon as you get the SYN/ACK from server (half-open scan, e.g. nmap -sS) or see the socket opened (connect scan, e.g. nmap -sT). Both theses two methods will show port as open, even if wrapped. -- http://www.netexit.com/~sid/ PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE >> Hi! I'm your friendly neighbourhood signature virus. >> Copy me to your signature file and help me spread!
