Penetration Testing mailing list archives

Re: [PEN-TEST] Undetectible NMAP scans

From: Andreas Hasenack <andreas () CONECTIVA COM BR>
Date: Wed, 23 Aug 2000 12:25:48 -0300

Em Tue, Aug 22, 2000 at 09:13:02AM -0400, Steve Cody escreveu:

I was recently testing one of my firewalls using nmap.  I used an option
that I don't use much, the -sX (XMAS scan).  I noticed that my ipchains
based (Redhat 6.2) firewall did not make a single log entry during the


ipchains-based packet filters can only detect SYN or connect scans. FIN
scans and derivatives thereof will not be detected with ipchains. You
will have to use another tool, such as portsentry (www.psionic.com) or
snort (www.snort.org).
In my last test, portsentry wasn't able to detect an ACK scan generated
by nmap. This type of scan is specific to show filtered ports. All other
scans were detected.


--
Andreas Hasenack
andreas () conectiva com br
BIG Linux user!

Current thread:

[PEN-TEST] Undetectible NMAP scans Steve Cody (Aug 22)
- Re: [PEN-TEST] Undetectible NMAP scans Stefan Suurmeijer (Aug 23)
  - Re: [PEN-TEST] Undetectible NMAP scans Devdas Bhagat (Aug 24)
    - Re: [PEN-TEST] Undetectible NMAP scans Jose Nazario (Aug 26)
    - Re: [PEN-TEST] Undetectible NMAP scans Aj Effin ReznoR (Aug 27)
    - Re: [PEN-TEST] Undetectible NMAP scans Swen Schisler (Aug 28)
    - Re: [PEN-TEST] Undetectible NMAP scans Jan Muenther (Aug 26)
- Re: [PEN-TEST] Undetectible NMAP scans Andreas Hasenack (Aug 24)