Re: Fwd: Re[2]: how nmap can know my firewalled servers ?

On 2006-04-19 John Bond wrote:
> On 4/14/06, Thierry Zoller <Thierry@zoller.lu> wrote:
> > Lots of Packetfilters answer with ICMP Administravtively Prohibited,
> > sometimes also leaking their internal IP address by the way..  It is
> > a common way to respond every IP stack I know about will understand
> > that message.
>
> this is a little of topic but i read a something recently where it was
> pointed out that one has to answer with Administravtively Prohibited
> to indicate that the user is breaking the rules.  this gives
> precedence to press charges if scanning continues.

"Administratively prohibited" is a mere notification that the
administrator has RIGHT NOW restricted access to THIS port. It
doesn't tell anything about any other ports or any other time.

Using e.g. an exploit to get around that restriction would be breaking
the rules, trying to access another port or the same port on another day
wouldn't.

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq

-------------------------------------------------------------------------
This List Sponsored by: Webroot

Don't leave your confidential company and customer records un-protected. 
Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no 
obligation. See why so many companies trust Spy Sweeper Enterprise to 
eradicate spyware from their networks.
FREE 30-Day Trial of Spy Sweeper Enterprise

http://www.webroot.com/forms/enterprise_lead.php
--------------------------------------------------------------------------