Blocking or not?
Dear, good day.
I would like to talk about the importance we should give our doors
Doors which are starting points for attackers. Ando worried about a situation is very important that the port scanners
Using NMAP (uncontrollable tool port scan) code used to nmap -sS [target ip] -D [my ip] [ip any] really is identified for protection solution but does not effect the NMAP has a lock ip false to bypass IDS and firewall.
If I sT used in place of-the -sS -sT is the best by guarantee and does not alter the type of detection and blocking. It is as if one could confuse whom he should block.
As in command nmap -sF - 53 [ip] is not detected
Would not let execelente to run some command on the command line user basis to fool nmap as this possibility exists?
hugs
Comments 5 Comments • Jump to latest comment
You can stop this with a firewall and most IPS are automatically configured to stop this as well, or can be.
SEP Knowledge Base
Endpoint SWAT
Hi Brian,
The problem is that [ip]-D [ip] is detected and how he has a fake ip is not blocked allowing a new scan anyway and informing the doors open or filtered
hugs
Fabiano Pessoa
Systems Analyst - Forensic Expert
I've seen where major powers such as Kaspersky suffer with NMAP is almost uncontrollable when you know how to use this tool.
I agree with you Fabiano should pay attention to that.
Fabiano Pessoa
Systems Analyst - Forensic Expert
Basically, there is no way to control -D but sicne its only a decoy they will still be running a scan of some sort which the scan itself can be detectable.
SEP Knowledge Base
Endpoint SWAT
Would you like to reply?
Login or Register to post your comment.