RE: hi there !!!

[Gerald Combs <gerald () ethereal com>]

It might be possible to become invisible using something like Portsentry
(http://www.psionic.com/abacus/portsentry).  It's designed to detect
port scans, and take action in real time when a scan is detected.

If you have a sufficiently recent version of Portsentry, you should be
able to configure it to monitor in stealth mode and add a firewall rule to
drop packets from the scanning host once a scan is detected.  If you have
your firewall rules set up in accordance with Jeremy's message below,
your host could theoretically be invisible, provided Portsentry took
action before nmap hit any active services.


On Thu, 3 Jan 2002, Jeremy Brooks wrote:

> there's really not much chance of it becoming invisible if you run any
> services on the box. You can however, on Linux using ipchains, employ
> rules that are generic enough to block probes but not produce a response
> for nmap to report. For example, explicitly blocking port 111 will cause
> nmap to report that 111 is filtered or closed. This makes it obvious
> that your box is there and blocking the port...  and definitely not
> invisible.  If you let these probes fall all the way through the chain
> to a default rule that blocks them then nmap will not report anything
> for port 111. Getting probes on every port to fall through while
> maintaining your internet connectivity may be tricky.
>
> -Jeremy  
>
> -----Original Message-----
> From: Josh Steele [mailto:jsteele () codefusion org]
> Sent: Thursday, January 03, 2002 7:18 AM
> To: arendashu ph
> Cc: nmap-dev () insecure org
> Subject: Re: hi there !!!
>
>
> There really is no way to make your server "invisible" persay.  You can
> use firewalling to block certain ports, etc. but say if you cut off ping
> reply's, there is a chance you might affect other service's ran on the
> server.  As far as OS detection..there are some steps you can take so
> that
> (never implemented this) so that say you run FreeBSD
> 4.4-RELEASE, but if you do an OS detection on the machine it reports
> back
> Windows2000, etc.  If you are not really concerned with that, but just
> don't want people scanning you, install a IDS system that will notify
> you,
> log, add firewalling, etc. of any scan attempts.
>
> Josh
>
>
> On Thu, 3 Jan 2002, arendashu ph wrote:
>
> > hi there,,
> >
> >
> > i am a new member...and i want to ask u if there is a
> > protection against nmap ...i mean like if someone is
> > scaning me with nmap ..is there a way to make my
> > server invisible to nmap ?
> >
> >
> >         thnak you !!!
> >
> >
> > PS: please excuse my english !!!
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Send your FREE holiday greetings online!
> > http://greetings.yahoo.com
> >
> > ---------------------------------------------------------------------
> > For help using this (nmap-dev) mailing list, send a blank email to
> > nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
>
>
> ---------------------------------------------------------------------
> For help using this (nmap-dev) mailing list, send a blank email to 
> nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
>
>
>
> ---------------------------------------------------------------------
> For help using this (nmap-dev) mailing list, send a blank email to
> nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).


---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).