Penetration Testing mailing list archives
Re: [PEN-TEST] Undetectible NMAP scans
From: Andreas Hasenack <andreas () CONECTIVA COM BR>
Date: Wed, 23 Aug 2000 12:25:48 -0300
Em Tue, Aug 22, 2000 at 09:13:02AM -0400, Steve Cody escreveu:
I was recently testing one of my firewalls using nmap. I used an option that I don't use much, the -sX (XMAS scan). I noticed that my ipchains based (Redhat 6.2) firewall did not make a single log entry during the
ipchains-based packet filters can only detect SYN or connect scans. FIN scans and derivatives thereof will not be detected with ipchains. You will have to use another tool, such as portsentry (www.psionic.com) or snort (www.snort.org). In my last test, portsentry wasn't able to detect an ACK scan generated by nmap. This type of scan is specific to show filtered ports. All other scans were detected. -- Andreas Hasenack andreas () conectiva com br BIG Linux user!
Current thread:
- [PEN-TEST] Undetectible NMAP scans Steve Cody (Aug 22)
- Re: [PEN-TEST] Undetectible NMAP scans Stefan Suurmeijer (Aug 23)
- Re: [PEN-TEST] Undetectible NMAP scans Devdas Bhagat (Aug 24)
- Re: [PEN-TEST] Undetectible NMAP scans Jose Nazario (Aug 26)
- Re: [PEN-TEST] Undetectible NMAP scans Aj Effin ReznoR (Aug 27)
- Re: [PEN-TEST] Undetectible NMAP scans Swen Schisler (Aug 28)
- Re: [PEN-TEST] Undetectible NMAP scans Devdas Bhagat (Aug 24)
- Re: [PEN-TEST] Undetectible NMAP scans Jan Muenther (Aug 26)
- Re: [PEN-TEST] Undetectible NMAP scans Stefan Suurmeijer (Aug 23)