Nmap Announce mailing list archives
RE: Detected NMAP scan
From: Lamont Granquist <lamontg () raven genome washington edu>
Date: Wed, 6 Jan 1999 14:21:27 -0800
On Wed, 6 Jan 1999, David G. Andersen wrote:
Would it perhaps be impolite to suggest that if you detect a SYN port scan, and start refusing all connections from that IP, that your tool opens up a beautiful DOS attack against the host system?
[...snip...] Also, I've been noticing that while the script kiddies tend to use something like mscan and really pound on your machine that there are some more sophisticated people out there who are portscanning for specific services and are not scanning over a range. Therefore any of these detection methods that rely on X number of hits to closed ports in Y time units is going to fail to stop them. -- Lamont Granquist lamontg () raven genome washington edu Dept. of Molecular Biotechnology (206)616-5735 fax: (206)685-7344 Box 352145 / University of Washington / Seattle, WA 98195 PGP pubkey: finger lamontg () raven genome washington edu | pgp -fka
Current thread:
- RE: Detected NMAP scan Frank W. Keeney (Jan 06)
- RE: Detected NMAP scan joff (Jan 06)
- RE: Detected NMAP scan David G. Andersen (Jan 06)
- RE: Detected NMAP scan Lamont Granquist (Jan 06)
- RE: Detected NMAP scan Lance Spitzner (Jan 06)
- RE: Detected NMAP scan Jordan Ritter (Jan 06)
- RE: Detected NMAP scan Simple Nomad (Jan 06)
- RE: Detected NMAP scan David G. Andersen (Jan 06)
- Re: Detected NMAP scan Dave Packham (Jan 06)
- Re: Detected NMAP scan joff (Jan 06)
- RE: Detected NMAP scan joff (Jan 06)
- RE: Detected NMAP scan Lamont Granquist (Jan 06)
- RE: Detected NMAP scan Max Vision (Jan 06)
- Re: Detected NMAP scan Chris Tobkin (Jan 06)
- <Possible follow-ups>
- RE: Detected NMAP scan wanb0y (Jan 06)