
what is a stateless firewall rule

I was looking over the man page for nmap and I see this term which I've read before, but don't fully understand.

What exactly is a stateless firewall rule?

For example:
 -sA (TCP ACK scan)
           This scan is different than the others discussed so far in that it
           never determines open (or even open|filtered) ports. It is used to
           map out firewall rulesets, determining whether they are stateful or
           not and which ports are filtered.

           The ACK scan probe packet has only the ACK flag set (unless you use
           --scanflags). When scanning unfiltered systems, open and closed
           ports will both return a RST packet. Nmap then labels them as
           unfiltered, meaning that they are reachable by the ACK packet, but
           whether they are open or closed is undetermined. Ports that don't
           respond, or send certain ICMP error messages back (type 3, code 0,
           1, 2, 3, 9, 10, or 13), are labeled filtered.
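
An added example, not part of the original post or the Nmap man page: a small Python model of what the excerpt means by a ruleset being stateful or not. It assumes a stateless rule that passes any inbound TCP packet with the ACK flag set and a stateful filter that passes only packets matching a connection it saw leaving; the class names, function names and addresses are constructed.

```python
from dataclasses import dataclass

# ICMP type 3 codes that the man page excerpt lists as "filtered"
FILTERED_ICMP_CODES = {0, 1, 2, 3, 9, 10, 13}

@dataclass(frozen=True)
class Packet:  # hypothetical minimal TCP header model
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset

def stateless_allows(pkt):
    # Stateless rule: decided from this packet's header alone.
    # Assumed rule: "inbound TCP with ACK set belongs to an established flow".
    return "ACK" in pkt.flags

class StatefulFilter:
    # Stateful rule: inbound packets must match a connection seen leaving.
    def __init__(self):
        self.table = set()

    def record_outbound(self, pkt):
        # Store the 4-tuple the reply is expected to carry
        self.table.add((pkt.dst, pkt.dport, pkt.src, pkt.sport))

    def allows(self, pkt):
        return (pkt.src, pkt.sport, pkt.dst, pkt.dport) in self.table

def classify(response):
    # Labels from the excerpt: RST -> unfiltered; silence or listed ICMP -> filtered
    if response == "RST":
        return "unfiltered"
    if response is None:
        return "filtered"
    if response[0] == "ICMP" and response[1] == 3 and response[2] in FILTERED_ICMP_CODES:
        return "filtered"
    return "not covered by the excerpt"

def observe(allows, pkt):
    # A reachable host answers an unexpected ACK with RST; a dropped packet gets no reply
    return classify("RST" if allows(pkt) else None)

# Constructed sample: unsolicited ACK from outside (documentation address ranges)
stray_ack = Packet("198.51.100.7", 40000, "192.0.2.10", 443, frozenset({"ACK"}))

if __name__ == "__main__":
    print("stateless:", observe(stateless_allows, stray_ack))
    print("stateful: ", observe(StatefulFilter().allows, stray_ack))
```

The same unsolicited ACK is labeled differently depending on whether the filter keeps connection state, which is the distinction the man page says the scan maps out.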