Nmap Hackers: RE: BlackICE and nmap

RE: BlackICE and nmap

From: Patrick O Neil <patrick.oneil_at_hci.utah.edu>
Date: Thu, 25 May 2000 08:41:33 -0600

I believe that if you alter your timing you may also be able to
get by.

Try the "-T Sneaky" or "Paranoid" switch (as well as using decoys
or ip spoofing). The timing switch will slow things drastically
but you may get around it that way.
  

-----Original Message-----
From: Matt
To: Greg Thomas
Cc: nmap-hackers_at_insecure.org
Sent: 5/24/00 1:29 PM
Subject: Re: BlackICE and nmap

On Wed, 24 May 2000, Greg Thomas wrote:

> I recently purchased BlackICE for my Windows box.
> Well, I wanted to test out nmap against BI... Tried
> -sS, but I watched in real time as BI caught
[...]
I have found that fragmenting the scan will evade most IDSes. This can be
done with "nmap -f <hostip>"

Also, some IDSes only look for SYNs as far as portscanning is concerned.
So, if you're doing a FIN scan or an ACK scan, several IDSes will miss it
entirely.

I don't know about BlackIce specifically, but if you could do the tests I
just mentioned and report back here or to bugtraq, that would be cool =]

Hope this helps,

ttyl

--
this band is perfect
just don't scratch the surface
Received on May 25 2000