Security Basics mailing list archives

Re: RE: Server blocks access of IP after nmap scan

From: "TAS" <p0wnsauc3 () gmail com>
Date: Wed, 18 May 2011 18:21:09 +0000

The firewall blocking a port scan is pretty obvious. A well configured firewall or for that case even an IPS is suppose 
to behave like that. And that you are getting all ports filtered is also quite normal. A firewall will always silently 
drop the packets and so everything is filtered. That is how NMAP works.

No matter how stealth you get as long as the firewall is tightly configured you will be disappointed.

What you can do it run the ACK, a full TCP connect scan for a limited set of ports and see if you are get some results. 
Also increase the verbosity in the scan and make sure you read the trace route table in the output to ensure if it is 
the server you are scanning responding or the packet getting filtered somewhere in transit.

What you can also do is run a decoy scan. The results though would not be very reliable.

If you objective is to test the perimeter security then yes it has passed the test and move on to other aspects of 
testing.

Hope that helps.

TAS

------Original Message------
From: amon.amarth9 () gmail com
Sender: listbounce () securityfocus com
To: security-basics () securityfocus com
Subject: Re: RE: Server blocks access of IP after nmap scan
Sent: May 18, 2011 11:17 PM

Yeah I tried scanning with different timing options but the problem is not with nmap but with the firewall on the 
server. The thing is that the server simply puts my ip address on a black list when it detects a scan from it, and when 
on the black list it cannot access any kind of service from the server, including the web site, the ftp server for 
which i even have the admin credentials etc. What I'm looking for is to stealth the scan in some kind of way, not get 
banned and get the correct port scan results.

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------



Sent from BlackBerry® - Vodafone

Current thread:

Re: Server blocks access of IP after nmap scan, (continued)
- Re: Server blocks access of IP after nmap scan pasquale imperato (May 18)
- Re: Server blocks access of IP after nmap scan anthony kasza (May 18)
- RE: Server blocks access of IP after nmap scan Dan Lynch (May 18)
  - Re: Server blocks access of IP after nmap scan Martin Schneider (May 18)
- Re: Server blocks access of IP after nmap scan Saif El Sherei (May 18)
- RE: Server blocks access of IP after nmap scan Rishi Narang (May 18)
- Re: RE: Server blocks access of IP after nmap scan amon . amarth9 (May 18)
  - Re: Server blocks access of IP after nmap scan Joseph Saselli (May 18)
- Re: Server blocks access of IP after nmap scan Luciano Mazzella (May 18)
- Re: RE: Server blocks access of IP after nmap scan phyco . rootelement (May 18)
- Re: RE: Server blocks access of IP after nmap scan TAS (May 18)
- Re: Server blocks access of IP after nmap scan amon . amarth9 (May 18)
  - Re: Server blocks access of IP after nmap scan Littlefield, Tyler (May 18)
    - Re: Server blocks access of IP after nmap scan Matthew Caron (May 18)
    - RE: Server blocks access of IP after nmap scan Michael Sturtz (May 18)
- Re: RE: Server blocks access of IP after nmap scan amon . amarth9 (May 18)
  - Re: Server blocks access of IP after nmap scan Todd Haverkos (May 20)