Nmap Announce mailing list archives
Re: how to know scan is correct?
From: Justin <jguyett () andrew cmu edu>
Date: Thu, 10 Feb 2000 01:09:22 -0500 (EST)
On Wed, 9 Feb 2000, Marcy Abene wrote:
You can't avoid a syn scan - what do you think you are talking about? Here, look. :->
That's why you have a iptables/whatever module that listens looks for syns to non-open ports, logs once, then filters the offending ip/netmask for 30 minutes or a few days if you're particularly fascist. The chance that they'll hit an important port in a random scan is (open ports) / everything in /etc/services. The chance that they'll get a significant number of open ports before they hit a banned port and are filtered is just about 0 unless the box is running a stock redhat installation, and in that case you have more important things to worry about than whether or not people can find open ports. Anyway, for people who are or who want to be seen as being really concerned about security, you can always allow specific hostmasks and deny everything else. I always love it when an admin has to add a hostmask to a box's filter rules before you can ssh in, but has 5 year old exploitable suid binaries. Justin
Current thread:
- Re: how to know scan is correct? Marcy Abene (Feb 09)
- Re: how to know scan is correct? Justin (Feb 09)
- Re: how to know scan is correct? Bennett Todd (Feb 10)
- Re: how to know scan is correct? Justin (Feb 11)
- Re: how to know scan is correct? Bart van Leeuwen (Feb 11)
- Re: how to know scan is correct? Mikael Olsson (Feb 11)
- Re: how to know scan is correct? Bennett Todd (Feb 10)
- Re: how to know scan is correct? Bart van Leeuwen (Feb 10)
- Re: how to know scan is correct? Eric Hankins (Feb 11)
- Re: how to know scan is correct? Justin (Feb 09)
- Re: how to know scan is correct? $eeweed (Feb 10)
- Re: how to know scan is correct? Enrico Demarin (Feb 11)