Security Basics mailing list archives
RE: Server blocks access of IP after nmap scan
From: "Rishi Narang" <exe.tmp () gmail com>
Date: Wed, 18 May 2011 22:52:36 +0530
Hello, If that is a single IP, there is a possibility that there is a timing problem. You can try using "--scan-delay" for your scans. Here is the excerpt from the manual, --scan-delay <time>; --max-scan-delay <time> (Adjust delay between probes) This option causes Nmap to wait at least the given amount of time between each probe it sends to a given host. This is particularly useful in the case of rate limiting. Solaris machines (among many others) will usually respond to UDP scan probe packets with only one ICMP message per second. Any more than that sent by Nmap will be wasteful. A --scan-delay of 1s will keep Nmap at that slow rate. Nmap tries to detect rate limiting and adjust the scan delay accordingly, but it doesn't hurt to specify it explicitly if you already know what rate works best. When Nmap adjusts the scan delay upward to cope with rate limiting, the scan slows down dramatically. The --max-scan-delay option specifies the largest delay that Nmap will allow. A low --max-scan-delay can speed up Nmap, but it is risky. Setting this value too low can lead to wasteful packet retransmissions and possible missed ports when the target implements strict rate limiting. Another use of --scan-delay is to evade threshold based intrusion detection and prevention systems (IDS/IPS). More details - http://nmap.org/book/man-performance.html -- Regards, Rishi Narang, CEH ---------------------------------------------------------------------------- --------------------------------------------------------------- Twitter: @rnarang | Weblog: www.wtfuzz.com | Skype: rishi.narang | LinkedIn: www.linkedin.com/in/rishinarang -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of amon.amarth9 () gmail com Sent: Wednesday, May 18, 2011 10:07 PM To: security-basics () securityfocus com Subject: Server blocks access of IP after nmap scan I am conducting this little security test on a specific web server owned by a colleague of mine, saying it's pretty secured. So first I ran nmap but after the nmap scan completes (and it says all ports filtered, which is impossible), the web server became unresponsive. I called my friend in order to explain him how accidentally I DoSed his server but he says it's all ok. I check again - it's not responding. So I connect through a proxy and whoa - it's alive, so i guess after the nmap scan the server somehow protected itself by blocking access to the site for my ip. I would like to know what I can do in this case, how I can successfully complete a nmap scan without putting it 'down'. Any ideas please? ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727 d1 ------------------------------------------------------------------------ ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Server blocks access of IP after nmap scan amon . amarth9 (May 18)
- Re: Server blocks access of IP after nmap scan Ken Fox (May 18)
- Re: Server blocks access of IP after nmap scan Thomas Rozenbroek (May 18)
- Re: Server blocks access of IP after nmap scan pasquale imperato (May 18)
- Re: Server blocks access of IP after nmap scan anthony kasza (May 18)
- RE: Server blocks access of IP after nmap scan Dan Lynch (May 18)
- Re: Server blocks access of IP after nmap scan Martin Schneider (May 18)
- Re: Server blocks access of IP after nmap scan Saif El Sherei (May 18)
- RE: Server blocks access of IP after nmap scan Rishi Narang (May 18)
- <Possible follow-ups>
- Re: RE: Server blocks access of IP after nmap scan amon . amarth9 (May 18)
- Re: Server blocks access of IP after nmap scan Joseph Saselli (May 18)
- Re: Server blocks access of IP after nmap scan Luciano Mazzella (May 18)
- Re: RE: Server blocks access of IP after nmap scan phyco . rootelement (May 18)
- Re: RE: Server blocks access of IP after nmap scan TAS (May 18)
- Re: Server blocks access of IP after nmap scan amon . amarth9 (May 18)
- Re: Server blocks access of IP after nmap scan Littlefield, Tyler (May 18)
- Re: Server blocks access of IP after nmap scan Matthew Caron (May 18)
- RE: Server blocks access of IP after nmap scan Michael Sturtz (May 18)
- Re: Server blocks access of IP after nmap scan Littlefield, Tyler (May 18)
- Re: RE: Server blocks access of IP after nmap scan amon . amarth9 (May 18)
(Thread continues...)
- Re: Server blocks access of IP after nmap scan Ken Fox (May 18)