Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Server blocks access of IP after nmap scan

From: Dan Lynch <DLynch () placer ca gov>
Date: Wed, 18 May 2011 10:34:10 -0700
so i guess after the nmap scan the server somehow 
protected itself by blocking access to the site for my ip. I 
would like to know what I can do in this case, how I can 
successfully complete a nmap scan without putting it 'down'. 


First make sure this is within the acceptable use guidelines of your ISP and the server owner's ISP. If it's not, you'd 
best knock it off.

But if it is, there's likely an active IPS somewhere in your path to the server. Use nmap's timing options (either -T 
or -max-rate)to go "low-and-slow" and avoid triggering the IPS. You don't know what the IPS thresholds are set to, so 
be conservative, and be patient -- this will take a while.

An idle/zombie scan is inherently slower, but still subject to rate-based IPS alerts. You protect your real IP address 
from the target, but the zombie will get blocked if it triggers the IPS.


Dan Lynch, CISSP
Information Technology Analyst
County of Placer
Auburn, CA
------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: