Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Suggestion - IDS/IPS detection.

From: jah <jah () zadkiel plus com>
Date: Mon, 18 Jun 2007 22:49:27 +0100
Often, scanning a target will trigger some sort of prevention system and 
the target drops all packets from the nmap host from that point 
onwards.  Sometimes the target will also put into effect a lockout 
period during which all packets from the nmap host are dropped.

I'd like to see nmap respond to such filtering where the target has 
previously responded to one or more probes.

It could do that perhaps, by periodically pinging a known open port, 
after a certain time has elapsed during which the target has not responded.

Any nmap output might then reflect that a previously known open port has 
ceased to respond along with an approximate time (perhaps a window 
between a successful and an unsuccessful ping) of cessation.



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Previous By Date Next
Previous By Thread Next

Current thread: