mailing list archives
Re: BlackICE and nmap
From: Matt <matt () use net>
Date: Wed, 24 May 2000 12:29:56 -0700
On Wed, 24 May 2000, Greg Thomas wrote:
I recently purchased BlackICE for my Windows box.
Well, I wanted to test out nmap against BI... Tried
-sS, but I watched in real time as BI caught
everything. This was in BI's normal mode. I can only
imagine what it's like in Paranoid. Anyhow, anybody
have any way around BI? I'm curious if it's possible.
I have found that fragmenting the scan will evade most IDSes. This can be
done with "nmap -f <hostip>"
Also, some IDSes only look for SYNs as far as portscanning is concerned.
So, if you're doing a FIN scan or an ACK scan, several IDSes will miss it
I do'nt know about BlackIce specifically, but if you could do the tests I
just mentioned and report back here or to bugtraq, that would be cool =]
Hope this helps,
this band is perfect
just don't scratch the surface