Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Blocking or not?

Created: 04 Sep 2012 | 5 comments
Fabiano.Pessoa's picture

Dear, good day.

I would like to talk about the importance we should give our doors
Doors which are starting points for attackers. Ando worried about a situation is very important that the port scanners
Using NMAP (uncontrollable tool port scan) code used to nmap -sS [target ip] -D [my ip] [ip any] really is identified for protection solution but does not effect the NMAP has a lock ip false to bypass IDS and firewall.
If I sT used in place of-the -sS -sT is the best by guarantee and does not alter the type of detection and blocking. It is as if one could confuse whom he should block.
As in command nmap -sF - 53 [ip] is not detected
Would not let execelente to run some command on the command line user basis to fool nmap as this possibility exists?

hugs

Comments 5 CommentsJump to latest comment

.Brian's picture

You can stop this with a firewall and most IPS are automatically configured to stop this as well, or can be.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Fabiano.Pessoa's picture

Hi Brian,

The problem is that [ip]-D [ip] is detected and how he has a fake ip is not blocked allowing a new scan anyway and informing the doors open or filtered

hugs

Fabiano Pessoa

Systems Analyst - Forensic Expert

Gaspar52's picture

I've seen where major powers such as Kaspersky suffer with NMAP is almost uncontrollable when you know how to use this tool.
I agree with you Fabiano should pay attention to that.

Fabiano.Pessoa's picture

yes

Fabiano Pessoa

Systems Analyst - Forensic Expert

.Brian's picture

Basically, there is no way to control -D but sicne its only a decoy they will still be running a scan of some sort which the scan itself can be detectable.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.