Penetration Testing mailing list archives
[PEN-TEST] Undetectible NMAP scans
From: Steve Cody <SCody () GULBRANDSEN COM>
Date: Tue, 22 Aug 2000 09:13:02 -0400
I was recently testing one of my firewalls using nmap. I used an option that I don't use much, the -sX (XMAS scan). I noticed that my ipchains-based (Redhat 6.2) firewall did not make a single log entry during the entire scan. Also, the system that I scanned from was able to identify all of the services listening on my system; more importantly, it detected the listening, but blocked, ports. For example, I have port 110 blocked. However, on my internal home network, I connect to it for my POP3 mail. The scan was able to determine that port 110 is listening, even though that system cannot connect to it.

The thing that disturbs me is that I was able to do a scan of my system and have it not be detected at all. All previous and subsequent scans from that same host, if I did not use the -sX option in NMAP, create many entries in my log.

Does anyone know what I can do with ipchains to make it more sensitive to this type of scan? I have since installed Port Sentry, so that scan is picked up by it, but still, I don't run Port Sentry on all of my systems for various reasons.

Any ideas?

Steve Cody
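Added example, not part of the original post or any reply: a sketch of one reason a scan like this can go unlogged, under the assumption that the firewall's logging rules match only connection-opening SYN packets. An nmap -sX probe sets FIN, PSH and URG but not SYN. The packet headers, the ports other than 110, and all function names are constructed for illustration.

```python
import struct

# Classic TCP flag bits (RFC 793), low six bits of header bytes 12-13.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def make_header(dport, flags, sport=40000):
    """Build a constructed 20-byte TCP header (no options, zero checksum)."""
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0, (5 << 12) | flags, 1024, 0, 0)

def parse(header):
    """Return (destination port, flag bits) from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    dport, = struct.unpack("!H", header[2:4])
    off_flags, = struct.unpack("!H", header[12:14])
    return dport, off_flags & 0x3F

def classify(flags):
    """Label flag combinations that never occur in a normal TCP exchange."""
    if flags == 0:
        return "null-scan"
    if flags == FIN:
        return "fin-scan"
    if flags == FIN | PSH | URG:
        return "xmas-scan"
    return None

def syn_only_rule_matches(flags):
    """Assumed firewall log rule: fires only on SYN set, ACK clear."""
    return bool(flags & SYN) and not flags & ACK

def unlogged_probes(headers):
    """Probes that the assumed SYN-only rule would pass over silently."""
    missed = []
    for h in headers:
        dport, flags = parse(h)
        label = classify(flags)
        if label and not syn_only_rule_matches(flags):
            missed.append((dport, label))
    return missed

# Constructed sample traffic; port 110 is the blocked POP3 port from the post.
SAMPLE = [
    make_header(110, SYN),              # ordinary connection attempt
    make_header(110, FIN | PSH | URG),  # XMAS probe
    make_header(25, 0),                 # NULL probe
    make_header(80, FIN),               # bare FIN probe
    make_header(110, ACK | PSH),        # data on an established connection
]

if __name__ == "__main__":
    for port, label in unlogged_probes(SAMPLE):
        print(f"port {port}: {label} not matched by SYN-only logging")
```
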