Penetration Testing mailing list archives
Re: Different ways to portscan IPS
From: Daniel Miessler <daniel () danielmiessler com>
Date: Sun, 29 Nov 2009 00:29:11 -0500
On Nov 20, 2009, at 6:02 AM, Vimal™ wrote:

What are the different ways of port scanning the target when an IPS is in place? Some of the methods I used are:
1. Delay the scan probe (nmap --scan-delay)
2. Integrating the scanner with TOR
A couple of things to think about. Look at what normal SYNs look like, and try to emulate them. Look at what bad SYNs look like, and don't look like those. I posted this a while back: http://danielmiessler.com/study/synpackets/ which shows that there are differences in traffic created by regular applications and traffic created by security tools. Take notice of this, and adjust accordingly.

Also, just for giggles, consider using the decoy option with Nmap and loading in a list of DShield blacklisted addresses (assuming you're not trying to be quiet). It's likely to throw most off your trail.

--
Daniel R. Miessler
W: http://danielmiessler.com
E: daniel () danielmiessler com
P: 0x4048712D
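The "look at what normal SYNs look like and don't look like a scanner" advice above, as an added example that is not part of the original thread or of Daniel's synpackets write-up. It builds two raw TCP SYN headers, one with the bare MSS-only option set and small window that a scanner such as nmap's default -sS probe is commonly seen to send, and one with the fuller option set (MSS, SACK permitted, timestamps, window scale) a real operating-system stack negotiates, then runs a small heuristic classifier over both. The specific window sizes, option order and the "scanner-like / host-like" rule are assumptions to verify against your own captures; the checksum is left at zero because nothing here is transmitted.

```python
"""Craft and classify TCP SYN headers: scanner-like versus host-like."""
import struct
from dataclasses import dataclass

TCP_SYN = 0x02
# TCP option kinds (RFC 793 / 1323 / 2018)
OPT_END, OPT_NOP, OPT_MSS, OPT_WSCALE, OPT_SACKOK, OPT_TS = 0, 1, 2, 3, 4, 8
TCP_FIXED_FMT = "!HHIIBBHHH"  # sport, dport, seq, ack, offset<<4, flags, win, csum, urg


@dataclass(frozen=True)
class SynProfile:
    name: str
    window: int
    options: bytes


# Assumption: a bare "MSS 1460, window 1024" SYN, no other options, is what a
# default raw SYN scan typically looks like on the wire.
SCANNER_LIKE = SynProfile("scanner-like", 1024, bytes([OPT_MSS, 4, 0x05, 0xB4]))

# Assumption: a Linux-style connect() SYN negotiates MSS, SACK, timestamps,
# NOP padding and window scale, with a large initial window.
HOST_LIKE = SynProfile(
    "host-like",
    64240,
    bytes([OPT_MSS, 4, 0x05, 0xB4, OPT_SACKOK, 2, OPT_TS, 10])
    + struct.pack("!II", 0x1234ABCD, 0)   # TSval (arbitrary), TSecr = 0 on a SYN
    + bytes([OPT_NOP, OPT_WSCALE, 3, 7]),
)


def build_syn(src_port: int, dst_port: int, seq: int, profile: SynProfile) -> bytes:
    """Return a TCP segment (header only, no IP layer) carrying a SYN with the profile's options."""
    opts = profile.options + b"\x00" * (-len(profile.options) % 4)  # pad to 32-bit boundary
    data_offset = (20 + len(opts)) // 4
    fixed = struct.pack(TCP_FIXED_FMT, src_port, dst_port, seq, 0,
                        data_offset << 4, TCP_SYN, profile.window, 0, 0)
    return fixed + opts


def parse_options(raw: bytes) -> list:
    """Walk the TCP options area; return [(kind, value_bytes), ...] in wire order."""
    parsed, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == OPT_END:
            break
        if kind == OPT_NOP:
            parsed.append((OPT_NOP, b""))
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated option header")
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            raise ValueError("bad option length")
        parsed.append((kind, raw[i + 2:i + length]))
        i += length
    return parsed


def classify_syn(segment: bytes) -> dict:
    """Heuristic: stacks negotiate SACK/TS/WS on a SYN; a bare MSS-only SYN reads as a scanner."""
    sport, dport, seq, ack, off, flags, window, csum, urg = struct.unpack_from(TCP_FIXED_FMT, segment)
    hlen = (off >> 4) * 4
    if hlen < 20 or hlen > len(segment):
        raise ValueError("bad data offset")
    if flags & 0x3F != TCP_SYN:
        raise ValueError("not a bare SYN")
    kinds = [k for k, _ in parse_options(segment[20:hlen])]
    stack_negotiation = {OPT_SACKOK, OPT_TS, OPT_WSCALE} & set(kinds)
    verdict = "host-like" if stack_negotiation else "scanner-like"
    return {"window": window, "option_kinds": kinds, "verdict": verdict}


if __name__ == "__main__":
    for profile in (SCANNER_LIKE, HOST_LIKE):
        seg = build_syn(40000, 80, 1, profile)
        print(profile.name, len(seg), "bytes ->", classify_syn(seg))
```

The practical use is in both directions: feed the option kinds and window from your own scanner's probes into `classify_syn` to see which tell you are leaving, and shape the probes (or the kernel's own connect() path, which already produces the host-like form) until the verdict matches what the target normally receives.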
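The decoy suggestion, as an added example that is not part of the original post: read a DShield-style blacklist (a constructed sample is embedded, not real DShield data), keep only the lines that parse as IPv4 addresses, and assemble an nmap argument vector that uses them with -D plus --scan-delay. The placement of ME after the fifth decoy follows the nmap man page's note that scan detectors are less likely to log your address when ME is in the sixth position or later; the delay value and scan flags are assumptions for illustration, and the command is returned rather than executed.

```python
"""Turn a blacklist file into an nmap decoy (-D) invocation."""
import ipaddress
from typing import List

# Constructed sample in the "address<TAB>count" shape of a DShield block list;
# RFC 5737 documentation addresses, not real blacklist entries.
SAMPLE_BLACKLIST = """\
# constructed sample, not real DShield data
203.0.113.5\t120
198.51.100.7\t98
not-an-ip\t3
192.0.2.33\t77
192.0.2.33\t12
"""


def parse_blacklist(text: str) -> List[str]:
    """Return the unique, valid IPv4 addresses from the first column, in file order."""
    seen, addrs = set(), []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        token = line.split()[0]
        try:
            addr = str(ipaddress.IPv4Address(token))
        except ipaddress.AddressValueError:
            continue  # skip junk rows rather than hand nmap a bad -D list
        if addr not in seen:
            seen.add(addr)
            addrs.append(addr)
    return addrs


def decoy_argument(decoys: List[str], me_after: int = 5) -> str:
    """Build the -D value, placing ME after `me_after` decoys (or last if there are fewer)."""
    if not decoys:
        raise ValueError("need at least one decoy address")
    ordered = decoys[:me_after] + ["ME"] + decoys[me_after:]
    return ",".join(ordered)


def build_nmap_argv(target: str, decoys: List[str], scan_delay: str = "500ms") -> List[str]:
    """Assemble the nmap command line (not executed here)."""
    return ["nmap", "-sS", "-Pn", "--scan-delay", scan_delay,
            "-D", decoy_argument(decoys), target]


if __name__ == "__main__":
    decoys = parse_blacklist(SAMPLE_BLACKLIST)
    print(" ".join(build_nmap_argv("192.0.2.100", decoys)))
```

Two caveats when doing this for real: nmap only spoofs the decoy source addresses at the IP layer, so the scan type must be a raw one (-sS, not -sT), and the decoys should be hosts that are actually up, otherwise the target may be SYN-flooded by the unanswered replies and the pattern becomes easier to spot.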
Current thread:
- Different ways to portscan IPS Vimal™ (Nov 23)
- Re: Different ways to portscan IPS Daniel Miessler (Nov 30)