Penetration Testing
mailing list archives
Re: [PEN-TEST] Undetectible NMAP scans
From: Andreas Hasenack <andreas () CONECTIVA COM BR>
Date: Wed, 23 Aug 2000 12:25:48 -0300
On Tue, Aug 22, 2000 at 09:13:02AM -0400, Steve Cody wrote:
> I was recently testing one of my firewalls using nmap. I used an option
> that I don't use much, the -sX (XMAS scan). I noticed that my ipchains
> based (Redhat 6.2) firewall did not make a single log entry during the

ipchains-based packet filters can only detect SYN or connect scans. FIN
scans and derivatives thereof will not be detected with ipchains. You
will have to use another tool, such as portsentry (www.psionic.com) or
snort (www.snort.org).
In my last test, portsentry wasn't able to detect an ACK scan generated
by nmap. This type of scan is specific to show filtered ports. All other
scans were detected.
--
Andreas Hasenack
andreas () conectiva com br
BIG Linux user!
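
The logging gap discussed in this thread, as an added example that is not part of the original messages: a rule keyed only on SYN packets (assumed here to mean SYN set with ACK and FIN clear, as with the ipchains `-y` option) never fires on FIN or Xmas probes, while a check on the whole flag byte labels them. The headers are constructed samples and all function names are hypothetical.

```python
import struct

# TCP flag bits, stored in byte 13 of the TCP header
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def tcp_flags(header: bytes) -> int:
    """Return the six classic flag bits from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    return header[13] & 0x3F

def syn_only_match(flags: int) -> bool:
    """Assumed SYN-keyed log rule: SYN set, ACK and FIN clear."""
    return bool(flags & SYN) and not flags & (ACK | FIN)

def classify(flags: int) -> str:
    """Label a packet that belongs to no known connection."""
    if flags == 0:
        return "null-probe"
    if flags == FIN:
        return "fin-probe"
    if flags == FIN | PSH | URG:
        return "xmas-probe"
    if syn_only_match(flags):
        return "syn"
    if flags == ACK:
        # A lone ACK is normal inside an established flow, so flags alone
        # cannot mark it; that decision needs a connection-state table.
        return "ack-needs-state"
    return "other"

def make_header(flags: int, sport: int = 40000, dport: int = 80) -> bytes:
    """Build a constructed 20-byte TCP header carrying the given flags."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)

# Constructed sample probes, one per scan type named in the thread
SAMPLES = {"syn": SYN, "fin": FIN, "xmas": FIN | PSH | URG, "ack": ACK, "null": 0}

def report():
    """Return (name, seen_by_syn_rule, label) for each constructed sample."""
    rows = []
    for name, flags in SAMPLES.items():
        f = tcp_flags(make_header(flags))
        rows.append((name, syn_only_match(f), classify(f)))
    return rows

if __name__ == "__main__":
    for name, logged, label in report():
        print(f"{name:5} syn_rule_logs={logged!s:5} classifier={label}")
```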