Snort mailing list archives
Nmap Scanning with Snort Detection
From: Friday Akpan <akpano () yahoo com>
Date: Wed, 1 Jan 2003 16:21:15 -0800 (PST)
Hi, I am working with the Nmap network scanning tool and also looking at using the Snort open source intrusion detection system to detect these scanning activities. I discovered that Nmap using the ICMP Ping Discovery option seems not to scan the network with any of the Nmap Scan types (SYN stealth, FIN stealth, Ping Sweep, etc.) The output for most of the scan types is the same, and a sample is attached to this email. Also, the Snort intrusion detection system does not detect scanning with Nmap using the ICMP Ping Discovery method at all. Is this normal? Or, there is something I need to do. Please I will appreciate your contributions on this. Thank you. Best regards, Friday Starting nmap V. 3.00 ( www.insecure.org/nmap ) Note: Host seems down. If it is really up, but blocking our ping probes, try -P0 Nmap run completed -- 1 IP address (0 hosts up) scanned in 30 seconds __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Nmap Scanning with Snort Detection Friday Akpan (Jan 01)