Re: [squid-users] Re: RE: How do I hide port 3128?

From: fooler <fooler@dont-contact.us>
Date: Fri, 13 May 2005 17:07:19 +0800

----- Original Message -----
From: "Denis Vlasenko" <vda@ilport.com.ua>
To: "fooler" <fooler@skyinet.net>; <squid-users@squid-cache.org>; "Niels"
<zorglub_olsen@hotmail.com>
Sent: Friday, May 13, 2005 4:57 PM
Subject: Re: [squid-users] Re: RE: How do I hide port 3128?

> > the simple logic and attack of nmap is that, it send a *tcp syn* to the
> > target host... if the target host reply a *tcp syn/ack*... then nmap
> > will display that port is *open* otherwise nmap will assume that port is
> > *filtered*... therefore, filtering thru packet filter, binding to
> > localhost, whatever trick you gonna do... it will give you the same results
> > from nmap...
>
> Not entirely correct info.
>
> Filtering with -DROP will make host NOT answer SYNs to 3128 at all,
> thus nmap will show this port as 'filtered'.

your explanation is the same as mine... so what is incorrect in there?

> Binding squid to 127.0.0.1:3128 will make host reply with RSTs
> ("I don't have this port open, go away"), nmap will show 'closed'.

yes it will display *closed* when the target host replies with a RST packet...
but my statement above is only about when a target host replies either tcp
syn/ack or not at all....

fooler.
Received on Fri May 13 2005 - 03:09:18 MDT
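
Added example, not part of the original messages: a check an administrator can run against their own host to see which of the three states discussed above (SYN/ACK = open, RST = closed, no answer = filtered) a port presents. It uses an ordinary connect() rather than nmap's raw SYN probe, and the names probe() and demo(), the throwaway listener standing in for squid, and the use of 127.0.0.2 as "another address" (valid on Linux) are assumptions of the example.

```python
import errno
import socket


def probe(host, port, timeout=1.0):
    """Map the result of one TCP connect attempt to open/closed/filtered."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"          # SYN was answered with SYN/ACK
    except ConnectionRefusedError:
        return "closed"        # SYN was answered with RST
    except socket.timeout:
        return "filtered"      # no answer at all (what a DROP rule produces)
    except OSError as e:
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"  # an ICMP unreachable came back instead
        raise
    finally:
        s.close()


def demo():
    """Constructed scenario: a listener bound to one address only."""
    # Stand-in for a proxy bound to 127.0.0.1 (hypothetical, not squid itself).
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0: the kernel picks a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    results = {"bound address": probe("127.0.0.1", port)}
    # Assumption: Linux treats all of 127.0.0.0/8 as local, so 127.0.0.2
    # plays the role of an interface the service is NOT bound to.
    results["other address"] = probe("127.0.0.2", port)
    srv.close()
    results["after close"] = probe("127.0.0.1", port)
    return results


if __name__ == "__main__":
    for where, state in demo().items():
        print(f"{where:14s} {state}")
```

The filtered result only appears when a packet filter silently discards the SYN, so the loopback demo shows open and closed; run probe() from another machine against a port covered by a DROP rule to see the third state.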