Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Request for discussion on defending against specific Nmap TCP syn and version scans.

From: Martin Mačok <martin.macok () underground cz>
Date: Sat, 4 Mar 2006 09:32:22 +0100
On Thu, Mar 02, 2006 at 04:46:25PM -0800, Aaron wrote:


There may also be some interest in looking up tarpitting. It does
not stop scanning but maybe be used in conjunction with changing the
OS fingerprint to slow a scan


May not work for a long because there is a pending patch (from me) for
detecting tarpitted ports in Nmap:

http://Xtrmntr.org/ORBman/tmp/nmap/nmap-3.95-detect_TARPIT.patch

(applies to all current releases)

P.S. If you know about different tarpit methods that does not get
detected with the patch above, please let me know...

Martin Mačok
ICT Security Consultant

------------------------------------------------------------------------------
This List Sponsored by: Lancope

"Discover the Security Benefits of Cisco NetFlow"
Learn how Cisco NetFlow enables cost-effective security across distributed 
enterprise networks. StealthWatch, the veteran Network Behavior Analysis (NBA) 
and Response solution, leverages Cisco NetFlow to provide scalable, 
internal network security. 
Download FREE Whitepaper "Role of Network Behavior Analysis (NBA) and Response 
Systems in the Enterprise."

http://www.lancope.com/resource/
------------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: