Home page logo

Nmap Announce mailing list archives

Re: how to know scan is correct?
From: Bennett Todd <bet () rahul net>
Date: Thu, 10 Feb 2000 10:47:11 -0500

2000-02-10-01:09:22 Justin:
That's why you have a iptables/whatever module that listens looks
for syns to non-open ports, logs once, then filters the offending
ip/netmask for 30 minutes or a few days if you're particularly

If you're going to do any such reactive firewall stuff as this, make
very sure nobody knows you're doing it; if they know you're doing
that, it's amazingly easy for them to cut you off from any or all of
the internet. Lessee, how long would it take to send SYN packets to
closed ports with source addrs forged from all the root nameservers.


Attachment: _bin

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]