Penetration Testing mailing list archives
Re: [PEN-TEST] Undetectible NMAP scans
From: Aj Effin ReznoR <aj () REZNOR COM>
Date: Sun, 27 Aug 2000 11:58:04 -0700
Jose Nazario wrote:
> On Thu, 24 Aug 2000, Devdas Bhagat wrote:
>
>> It's moved to http://www.openwall.com/scanlogd .
>
> while scanlogd can detect them, along with some other tools (scanlogd is my personal favorite), you can't stop stealth scans, either, without a packet filter that lets you block on the basis of arbitrary flags. ipchains doesn't have that capability, as i recall. (i use OpenBSD/ipfilter firewalls, FWIW.)
Even tho people recommend Snort over it, I still prefer Abacus PortSentry (http://www.psionic.com/abacus/portsentry/). Its config allows for active response to portscans. It contains a list of defaults for ipfwadm as well as ipchains for a variety of OS flavors. Given the manner it works in, I reckon it'd be no problem at all to deploy it functioning with iptables/ipfilters. Also, if you don't care to drop routes, it will dump offending IPs into hosts.deny.

BSD Today has an article at http://www.bsdtoday.com/2000/July/Features233.html as well.

Psionic offers a log analyzer, LogCheck, on their site also. Works very well in conjunction with PortSentry or Snort.

-aj.
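Added example, not part of the original post and not code from scanlogd or PortSentry: a small detector showing the two ideas the thread discusses, flagging probes by their TCP flag combination and listing offending sources in `hosts.deny` form. The packet tuples, `PORT_THRESHOLD` and `WINDOW` are constructed assumptions, not values taken from either tool.

```python
from collections import defaultdict

# Flag combinations that never appear in a normal TCP handshake or session.
ODD_FLAGS = {
    frozenset(): "NULL",
    frozenset({"FIN"}): "FIN",
    frozenset({"FIN", "PSH", "URG"}): "XMAS",
}
PORT_THRESHOLD = 5   # assumed: distinct ports from one source ...
WINDOW = 3.0         # assumed: ... within this many seconds

# Constructed sample: (timestamp, source IP, destination port, TCP flags)
SAMPLE = [
    (0.0, "192.0.2.10", 21, "SYN"), (0.2, "192.0.2.10", 22, "SYN"),
    (0.4, "192.0.2.10", 23, "SYN"), (0.6, "192.0.2.10", 25, "SYN"),
    (0.8, "192.0.2.10", 80, "SYN"),
    (1.0, "198.51.100.7", 79, "FIN|PSH|URG"),
    (1.5, "198.51.100.7", 79, ""),
    (2.0, "203.0.113.5", 80, "SYN"), (2.1, "203.0.113.5", 80, "ACK"),
    (9.0, "203.0.113.5", 443, "SYN"),
]

def classify(flags):
    """Name the probe type for a flag string like 'FIN|PSH|URG', else None."""
    return ODD_FLAGS.get(frozenset(f for f in flags.split("|") if f))

def detect(packets):
    """Return {source: reason} for sources that look like port scanners."""
    seen = defaultdict(list)   # source -> [(time, port)] of recent bare SYNs
    offenders = {}
    for ts, src, port, flags in sorted(packets):
        kind = classify(flags)
        if kind:               # a single odd-flag packet is enough to report
            offenders.setdefault(src, f"{kind} probe")
            continue
        if flags != "SYN":
            continue
        recent = [(t, p) for t, p in seen[src] if ts - t <= WINDOW]
        recent.append((ts, port))
        seen[src] = recent
        if len({p for _, p in recent}) >= PORT_THRESHOLD:
            offenders.setdefault(src, "SYN sweep")
    return offenders

def hosts_deny(offenders):
    """Render TCP wrappers deny entries, one per offending source."""
    return [f"ALL: {ip}" for ip in sorted(offenders)]

if __name__ == "__main__":
    print("\n".join(hosts_deny(detect(SAMPLE))))
```

Source addresses on probe packets can be forged, so a deny list built automatically this way should be paired with an allowlist of hosts that must never be blocked.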