Hi Thomas. Thanks for your explanation. Now I understand the complete scene... Anyway, what would be the practical difference if I open the port 113 in the firewall??? Nmap would keep reporting 113 is "closed" as long as I don't start any application listening on that port... Am I right?

Nice we everybody!

On Friday 13 September 2002 17:19, Thomas Seliger wrote:
It does exactly what you said, it REJECTS the packet. Reject means that a "reject packet" is sent back to the remote host. If you had a deny rule here, the firewall would just drop the packet (that's the difference between deny and reject).
NMAP gets the reject packet and assumes that the port is there but closed (hence the "closed" state).
113 is usually set to REJECT instead of DENY because some services tend to take some time to realize that auth over 113 is disabled when they are waiting for the response. Reject tells 'em that auth is disabled.
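
Added example, not part of either message: a Python TCP connect probe that classifies a port the way the thread describes it from the remote side, and times the answer to show why a fast refusal matters for clients waiting on auth. The name `probe`, the state labels and the loopback demo are constructed for illustration; the demo only touches 127.0.0.1.

```python
import errno
import socket
import time


def probe(host, port, timeout=2.0):
    """Try one TCP connect and return (state, seconds_waited).

    "open"     - something accepted the connection
    "closed"   - the attempt was actively refused (answer arrives at once)
    "filtered" - no answer before the timeout (packet silently dropped),
                 or an ICMP host/network unreachable came back
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    start = time.monotonic()
    try:
        s.connect((host, port))
        state = "open"
    except ConnectionRefusedError:
        state = "closed"
    except socket.timeout:
        state = "filtered"
    except OSError as exc:
        if exc.errno not in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            raise
        state = "filtered"
    finally:
        s.close()
    return state, time.monotonic() - start


def demo():
    """Probe a loopback port with a listener, then again without one."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # constructed: any free local port
    listener.listen(1)
    port = listener.getsockname()[1]
    with_listener = probe("127.0.0.1", port)[0]
    listener.close()                      # nothing listens on the port now
    without_listener = probe("127.0.0.1", port)[0]
    return with_listener, without_listener


if __name__ == "__main__":
    print(demo())
```

A dropped packet cannot be reproduced on loopback without firewall rules; against a host that drops, `probe` returns "filtered" only after the full `timeout` has elapsed, which is the delay the last paragraph of the quoted message refers to.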