
Re: strange results with pf



Daniel Hartmeier wrote:

>On Wed, Aug 20, 2003 at 01:26:35PM +0400, Alexei G. Malinin wrote:
>
>>The talk is about all protocols (not only tcp) and protocol scanning by
>>nmap.
>
>Make sure you are scanning from a separate host. Running nmap on the
>firewall itself (against one of its own addresses or another host) will
>cause EHOSTUNREACH errors from the stack when pf blocks outgoing
>packets (like, when you allow only flags S/SA to create state and block
>by default, but nmap tries to send ACK, SYN+ACK or xmas flags).
>
>Daniel

I scanned from a separate host.

-- 
Alexei Malinin,
Chief Specialist of
Network Technologies Department,
ECom-IT Limited,  Moscow
Basic Element Inc.,  Russia