Penetration Testing
mailing list archives
Re: [PEN-TEST] Undetectible NMAP scans
From: Aj Effin ReznoR <aj () REZNOR COM>
Date: Sun, 27 Aug 2000 11:58:04 -0700
Jose Nazario wrote:
> On Thu, 24 Aug 2000, Devdas Bhagat wrote:
>> It's moved to http://www.openwall.com/scanlogd .
>
> while scanlogd can detect them, along with some other tools (scanlogd is
> my personal favorite), you can't stop stealth scans, either, without a
> packet filter that lets you block on the basis of arbitrary flags. ipchains
> doesn't have that capability, as i recall. (i use OpenBSD/ipfilter
> firewalls, FWIW.)

Even tho people recommend Snort over it, I still prefer Abacus PortSentry
(http://www.psionic.com/abacus/portsentry/).
Its config allows for active response to portscans. It contains a list of
defaults for ipfwadm as well as ipchains for a variety of OS flavors. Given the
manner it works in, I reckon it'd be no problem at all to deploy it functioning
with iptables/ipfilters. Also, if you don't care to drop routes, it will dump
offending IPs into hosts.deny.
BSD Today has an article at http://www.bsdtoday.com/2000/July/Features233.html
as well.
Psionic offers a log analyzer, LogCheck, on their site also. Works very well in
conjunction with Portsentry or Snort.
-aj.
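
The detection and hosts.deny response discussed in this message, as an added example that is not part of the original post and is not scanlogd's or PortSentry's own code. The thresholds (5 distinct ports within 3 seconds), the function names and the sample packets are assumptions constructed for illustration.

```python
from collections import defaultdict

# TCP flag bits as they appear in the TCP header
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def classify(flags):
    """Name the probe type for a packet that belongs to no established connection."""
    flags &= 0x3F
    if flags == 0:
        return "null"
    if flags == FIN:
        return "fin"
    if flags == FIN | PSH | URG:
        return "xmas"
    if flags & SYN and flags & FIN:
        return "syn-fin"
    if flags == SYN:
        return "syn"
    return None  # ordinary traffic such as ACK or RST

def detect(packets, min_ports=5, window=3.0):
    """Return {src: probe kinds} for sources probing min_ports distinct ports within window seconds."""
    recent = defaultdict(list)  # src -> [(timestamp, port, kind)]
    flagged = {}
    for ts, src, dport, flags in packets:
        kind = classify(flags)
        if kind is None:
            continue
        hits = [h for h in recent[src] if ts - h[0] <= window]
        hits.append((ts, dport, kind))
        recent[src] = hits
        if len({h[1] for h in hits}) >= min_ports:
            flagged.setdefault(src, set()).update(h[2] for h in hits)
    return {src: sorted(kinds) for src, kinds in flagged.items()}

def hosts_deny_lines(flagged):
    """TCP-wrappers deny entries (hosts.deny syntax) for the flagged sources."""
    return ["ALL: %s" % src for src in sorted(flagged)]

# Constructed sample: (timestamp, source, destination port, TCP flags)
SAMPLE = [(0.1 * i, "192.0.2.10", p, FIN) for i, p in enumerate([21, 22, 23, 25, 80, 110])]
SAMPLE += [(1.0, "198.51.100.7", 80, SYN), (1.2, "198.51.100.7", 80, ACK),
           (2.0, "203.0.113.5", 1, 0), (9.0, "203.0.113.5", 2, FIN | PSH | URG)]
SAMPLE.sort()

if __name__ == "__main__":
    for line in hosts_deny_lines(detect(SAMPLE)):
        print(line)
```

Stealth probes complete no handshake, so the source address is unverified; an allowlist of addresses that must never be blocked belongs in front of any automatic hosts.deny write.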