Penetration Testing mailing list archives
Re: Request for discussion on defending against specific Nmap TCP syn and version scans.
From: krantikari26 () 30gigs com
Date: 2 Mar 2006 08:36:59 -0000
Hi guys, if you try to analyse the packets using Ethereal, you will see that the TCP conversation is different in the two cases:

a. Between Nmap and the web server: SYN - SYN/ACK - RST - SYN - SYN/ACK - GET request
b. Between the browser and the web server: SYN - SYN/ACK - ACK - GET request

So, depending on the pattern of packets from a particular host, we can design a Snort rule to tell the legitimate user's request from the hacker's. A few points can help to design the rule:

1. Nmap will only send "GET / HTTP 1.1 \r\n" in the request, so it can be detected, whereas a normal browser will send other values too, like User-Agent, Accept-Language, etc., so this can help us design the rule.
2. The sequence numbers can also help, and they will be different in the two types of conversation.
3. In a normal conversation the web server will send code 200 OK, whereas in the Nmap conversation it will send code 404 Object Not Found.

Please comment.

kkdear
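The two indicators the post proposes (a SYN / RST / SYN handshake pattern from the same client, and a GET request that carries none of the headers a browser sends) can be prototyped as a small flow tracker before committing them to a Snort rule. The code below is an added example and is not from the original post, from Nmap, or from Snort. The packet events, addresses, flag strings and the `SNORT_RULE` sketch are all constructed or assumed for illustration; the one factual reference is the probe string Nmap's version detection actually sends for HTTP, `GET / HTTP/1.0\r\n\r\n` (the `GetRequest` probe in nmap-service-probes), which is why a header-less request line is the thing to key on rather than a specific HTTP version.

```python
"""Prototype of the two scan indicators described in the post, run over
constructed packet events.  Added example: not code from the post, Nmap or Snort."""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# Sketch of the Snort 2 rule the post is reasoning towards (assumed, untested here):
# a request line "GET / HTTP/1." at the start of the stream with no User-Agent header.
SNORT_RULE = (
    'alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS '
    '(msg:"Bare GET probe without User-Agent"; flow:to_server,established; '
    'content:"GET / HTTP/1."; depth:13; content:!"User-Agent|3A|"; '
    'sid:1000001; rev:1;)'
)

# Headers a real browser sends and a bare service probe does not.
BROWSER_HEADERS = ("user-agent", "accept", "accept-language")


@dataclass
class Pkt:
    """One captured TCP segment: time, endpoints, flag letters (S, SA, A, R, PA), payload."""
    ts: float
    src: str
    dst: str
    dport: int
    flags: str
    payload: bytes = field(default=b"")


def half_open_then_connect(pkts: List[Pkt], service_port: int = 80,
                           window: float = 5.0) -> Set[Tuple[str, str, int]]:
    """Return (client, server, port) tuples whose client sent SYN, then RST,
    then another SYN within `window` seconds: the half-open SYN scan followed
    by a full connect that the post observes for Nmap's version scan.
    Only client-to-service packets are examined; server replies are skipped."""
    state: Dict[Tuple[str, str, int], Tuple[str, float]] = {}
    hits: Set[Tuple[str, str, int]] = set()
    for p in sorted(pkts, key=lambda q: q.ts):
        if p.dport != service_port:
            continue
        key = (p.src, p.dst, p.dport)
        stage, t0 = state.get(key, ("idle", 0.0))
        if p.flags == "S":
            if stage == "rst" and p.ts - t0 <= window:
                hits.add(key)
            state[key] = ("syn", p.ts)
        elif stage == "syn" and "R" in p.flags:
            state[key] = ("rst", t0)
        else:
            # ACK, data or anything else: an ordinary connection, start over.
            state[key] = ("idle", 0.0)
    return hits


def classify_request(payload: bytes) -> str:
    """'bare-probe' for a well-formed request line with none of BROWSER_HEADERS,
    'browser-like' when at least one is present, 'not-http' otherwise."""
    try:
        text = payload.decode("ascii")
    except UnicodeDecodeError:
        return "not-http"
    head = text.partition("\r\n\r\n")[0]
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return "not-http"
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    if not any(h in headers for h in BROWSER_HEADERS):
        return "bare-probe"
    return "browser-like"


def scan_report(pkts: List[Pkt], service_port: int = 80,
                window: float = 5.0) -> Dict[str, List[str]]:
    """Per client address, the list of indicators observed."""
    report: Dict[str, List[str]] = {}
    for client, _server, _port in half_open_then_connect(pkts, service_port, window):
        report.setdefault(client, []).append("syn-rst-syn handshake")
    for p in pkts:
        if p.dport == service_port and p.payload \
                and classify_request(p.payload) == "bare-probe":
            reasons = report.setdefault(p.src, [])
            if "bare GET probe" not in reasons:
                reasons.append("bare GET probe")
    return report


# Constructed sample capture: 10.0.0.5 behaves like nmap -sV (SYN scan, RST,
# then a real connect carrying the GetRequest probe); 10.0.0.9 is a browser.
SAMPLE: List[Pkt] = [
    Pkt(0.000, "10.0.0.5", "10.0.0.80", 80, "S"),
    Pkt(0.001, "10.0.0.80", "10.0.0.5", 43120, "SA"),
    Pkt(0.002, "10.0.0.5", "10.0.0.80", 80, "R"),
    Pkt(0.500, "10.0.0.5", "10.0.0.80", 80, "S"),
    Pkt(0.501, "10.0.0.80", "10.0.0.5", 43121, "SA"),
    Pkt(0.502, "10.0.0.5", "10.0.0.80", 80, "A"),
    Pkt(0.503, "10.0.0.5", "10.0.0.80", 80, "PA", b"GET / HTTP/1.0\r\n\r\n"),
    Pkt(1.000, "10.0.0.9", "10.0.0.80", 80, "S"),
    Pkt(1.001, "10.0.0.80", "10.0.0.9", 51000, "SA"),
    Pkt(1.002, "10.0.0.9", "10.0.0.80", 80, "A"),
    Pkt(1.003, "10.0.0.9", "10.0.0.80", 80, "PA",
        b"GET / HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: Mozilla/5.0\r\n"
        b"Accept: text/html\r\nAccept-Language: en\r\n\r\n"),
]

if __name__ == "__main__":
    for client, reasons in scan_report(SAMPLE).items():
        print(client, "->", ", ".join(reasons))
```

Two practical checks before turning this into a production rule: the header heuristic fires on anything hand-typed into netcat or telnet and on any scanner told to add a User-Agent, so it is a weak signal on its own, and the handshake pattern only appears when the same host runs the SYN scan and the follow-up connect within the window, which is why the report combines the two indicators per client rather than alerting on either one alone.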