Nmap Announce mailing list archives

RE: Detected NMAP scan

From: Lance Spitzner <spitzner () dimension net>
Date: Wed, 6 Jan 1999 18:16:27 -0500 (EST)

On Wed, 6 Jan 1999, Lamont Granquist wrote:

Also, I've been noticing that while the script kiddies tend to use
something like mscan and really pound on your machine that there are some
more sophisticated people out there who are portscanning for specific
services and are not scanning over a range.  Therefore any of these
detection methods that rely on X number of hits to closed ports in Y time
units is going to fail to stop them.


I agree with you fully on this.  I've done quite a few firewalls.  I set these
up for automated intrusion detection, listening on specific ports, such as
imap, pop3, zone transfers, http, etc.  If your interested, check it out at
http://www.enteract.com/~lspitz/intrusion.html

Lance Spitzner
http://www.enteract.com/~lspitz
Internetworking & Security Engineer
Dimension Enterprises Inc

Current thread:

RE: Detected NMAP scan Frank W. Keeney (Jan 06)
- RE: Detected NMAP scan joff (Jan 06)
  - RE: Detected NMAP scan David G. Andersen (Jan 06)
    - RE: Detected NMAP scan Lamont Granquist (Jan 06)
    - RE: Detected NMAP scan Lance Spitzner (Jan 06)
    - RE: Detected NMAP scan Jordan Ritter (Jan 06)
    - RE: Detected NMAP scan Simple Nomad (Jan 06)
  - Re: Detected NMAP scan Dave Packham (Jan 06)
    - Re: Detected NMAP scan joff (Jan 06)
- RE: Detected NMAP scan Lamont Granquist (Jan 06)
- RE: Detected NMAP scan Max Vision (Jan 06)
  - Re: Detected NMAP scan Chris Tobkin (Jan 06)
- <Possible follow-ups>
- RE: Detected NMAP scan wanb0y (Jan 06)