[aclug-L] Re: Hacker or ??

["gLaNDix (Jesse Kaufman)" <glandix@xxxxxxxxxxxxxx>]

On 18 Sep 2001 16:49:08 -0500, Steven Saner wrote:
> 
> You are likely to receive a SYN packet (basically just a mostly empty
> TCP packet that is asking to make a connection) for any real IP
> address that is on your network. If there is no machine with that IP
> address, then there will of course be no response, other than maybe an
> ICMP host unreachable from your router. If there is a machine with
> that IP address, but there is nothing listening to port 80, there will
> be a response basically saying that the port is not open. If you have
> private addresses behind the NAT box, there won't be a connection
> attempt to those directly.

ok, so i'm understanding it ok, then...  i used to have both boxes get a
routable/"real" ip address via dhcp on my cablemodem, but now it's setup
so my router/firewall gets the real ip and my wkstation uses 192.168.0.2
so that no connections (sans a few i've opened w/ port redirection for
ftp and napster-like progs) can be made to it from outside...

let's say 11.12.13.14 tries to make a connection to me, but i've setup
my firewall to deny tcp and udp from 11.12.13.14 on any port...  will my
machine send back a packet that says "connection refused", "host
unreachable", or just drop the packet and ignore it like it didn't
exist?

i know these are pretty basic questions, but i've never really dove into
stuff this deep before, and we're still on the OSI physical layer which
is a bit below this, iirc...  can't recall for sure, but would this be
in the network layer of the OSI model?

also, other than the online cisco cirriculum, do you know of any good
online reading that discusses this in an fairly easy-to-understand way?
i'm sure O'Reily has atleast one book about this stuff, but after all my
novell books, i'm flat broke!  : ^ )

thx,
gLaNDix


-- This is the discussion@xxxxxxxxx list.  To unsubscribe,
visit http://tmp2.complete.org/cgi-bin/listargate-aclug.cgi