Nmap Development mailing list archives
Re: Nmap and Sygate Personal Firewall
From: kx <kxmail () gmail com>
Date: Mon, 22 May 2006 20:23:08 -0400
I think it is a winpcap/sygate interaction issue due to this thread on winpcap-users: http://www.winpcap.org/pipermail/winpcap-users/2006-May/001048.html I believe sygate has a protection mechanism to avoid parallel stack firewall evasion. http://www.vigilantminds.com/files/defeating_windows_personal_firewalls.pdf Sygate Personal Firewall 5.6.2808.0 detected a parallel stack in the above linked paper. "1 - Parallel Stack - Bypass This attack involves attempting to bypass filtering that is performed at higher layers by communicating directly with the NDIS interface. If the firewall performs filtering at a layer higher than NDIS, then it will not be able to see this communication. The attack works by using its own Network protocol layer driver, so it could be prevented by either monitoring the loading of protocol drivers or performing filtering at the NDIS layer. Winpcap and Nemesis http://www.winpcap.org and http://www.packetfactory.net" Cheers, kx
On 5/22/06, Jim Hayes <sd1986 () optonline net> wrote:In the past I was able to perform scans with the Sygate PF enabled and had no issues. Recently I am having issues with network connectivity after a scan and need to reboot. If I disable the FW before the scan then I will not run into any problems. Anyone have any thoughts on how I can resolve Using the latest versions of Nmap and version 5.6 of the Sygate Personal Firewall Jim _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
Current thread:
- Nmap and Sygate Personal Firewall Jim Hayes (May 22)
- Re: Nmap and Sygate Personal Firewall kx (May 22)
- Re: Nmap and Sygate Personal Firewall kx (May 22)
- Re: Nmap and Sygate Personal Firewall kx (May 22)