Re: grouped tcp flags

[list added again, I think this is public interest and should be archived]
On 01/04/2003, HKSPKS@aol.com <HKSPKS@aol.com> wrote To pb@openbsd.de:
> I just wanted to drop all nmap and/or other harmful packets... I found half 
> of this list of flags @ nmap's forums by a guy saying which to block to stop 
> nmap, the other half I found on a sans.org site... I'll try to dig up a link 
> if you want it.  Which flags do you recommend blocking?
First off:
nmap is dumb
Furthermore, *most* people using nmap are completely clueless about
what is happening - and to make it worse: nmap interprets packets
coming back (or not) in a very "special" way. Let's say, it tries
to think for the user.
After all they see an output of closed/open/filtered ports which
is *way often* not even *close* to reality.
Please think it through .. all this 'hiding' is totally silly and useless.
Think about they get a response (or not) which is interpreted as
XYZ/tcp  filtered
Now what? Can they do something harmful w/ FUP on port XYZ there?
Can they even create a *valid* connection to there for carrying 
If you don't want port XYZ being reached. Block it. Completely. No
matter what fuxxored flag ever is set. Period.