Penetration Testing mailing list archives
Re: Request for discussion on defending against specific Nmap TCP syn and version scans.
From: Martin Mačok <martin.macok () underground cz>
Date: Sat, 4 Mar 2006 09:32:22 +0100
On Thu, Mar 02, 2006 at 04:46:25PM -0800, Aaron wrote:
There may also be some interest in looking up tarpitting. It does not stop scanning but maybe be used in conjunction with changing the OS fingerprint to slow a scan
May not work for a long because there is a pending patch (from me) for detecting tarpitted ports in Nmap: http://Xtrmntr.org/ORBman/tmp/nmap/nmap-3.95-detect_TARPIT.patch (applies to all current releases) P.S. If you know about different tarpit methods that does not get detected with the patch above, please let me know... Martin Mačok ICT Security Consultant ------------------------------------------------------------------------------ This List Sponsored by: Lancope "Discover the Security Benefits of Cisco NetFlow" Learn how Cisco NetFlow enables cost-effective security across distributed enterprise networks. StealthWatch, the veteran Network Behavior Analysis (NBA) and Response solution, leverages Cisco NetFlow to provide scalable, internal network security. Download FREE Whitepaper "Role of Network Behavior Analysis (NBA) and Response Systems in the Enterprise." http://www.lancope.com/resource/ ------------------------------------------------------------------------------
Current thread:
- Re: Request for discussion on defending against specific Nmap TCP syn and version scans., (continued)
- Re: Request for discussion on defending against specific Nmap TCP syn and version scans. Martin Mačok (Mar 02)
- Bank pen test Noe Espinoza Mancillas (Mar 02)
- RE: Bank pen test Andy Meyers (Mar 03)
- RE: Bank pen test mystic33 (Mar 03)
- Re: Bank pen test Noe Espinoza Mancillas (Mar 03)
- Re: Bank pen test Rick Zhong (Mar 03)
- RE: Bank pen test Omar A. Herrera (Mar 04)
- Re: Request for discussion on defending against specific Nmap TCP syn and version scans. revnic (Mar 02)
- Re: Request for discussion on defending against specific Nmap TCP syn and version scans. Aaron (Mar 03)
- Re: Request for discussion on defending against specific Nmap TCP syn and version scans. ober (Mar 04)
- Re: Request for discussion on defending against specific Nmap TCP syn and version scans. Martin Mačok (Mar 04)
- Re: Request for discussion on defending against specific Nmap TCP syn and version scans. Aaron (Mar 03)
- Re: Request for discussion on defending against specific Nmap TCP syn and version scans. krantikari26 (Mar 02)