Nmap Announce mailing list archives
RE: Detected NMAP scan
From: Lance Spitzner <spitzner () dimension net>
Date: Wed, 6 Jan 1999 18:16:27 -0500 (EST)
On Wed, 6 Jan 1999, Lamont Granquist wrote:
Also, I've been noticing that while the script kiddies tend to use something like mscan and really pound on your machine that there are some more sophisticated people out there who are portscanning for specific services and are not scanning over a range. Therefore any of these detection methods that rely on X number of hits to closed ports in Y time units is going to fail to stop them.
I agree with you fully on this. I've done quite a few firewalls. I set these up for automated intrusion detection, listening on specific ports, such as imap, pop3, zone transfers, http, etc. If your interested, check it out at http://www.enteract.com/~lspitz/intrusion.html Lance Spitzner http://www.enteract.com/~lspitz Internetworking & Security Engineer Dimension Enterprises Inc
Current thread:
- RE: Detected NMAP scan Frank W. Keeney (Jan 06)
- RE: Detected NMAP scan joff (Jan 06)
- RE: Detected NMAP scan David G. Andersen (Jan 06)
- RE: Detected NMAP scan Lamont Granquist (Jan 06)
- RE: Detected NMAP scan Lance Spitzner (Jan 06)
- RE: Detected NMAP scan Jordan Ritter (Jan 06)
- RE: Detected NMAP scan Simple Nomad (Jan 06)
- RE: Detected NMAP scan David G. Andersen (Jan 06)
- Re: Detected NMAP scan Dave Packham (Jan 06)
- Re: Detected NMAP scan joff (Jan 06)
- RE: Detected NMAP scan joff (Jan 06)
- RE: Detected NMAP scan Lamont Granquist (Jan 06)
- RE: Detected NMAP scan Max Vision (Jan 06)
- Re: Detected NMAP scan Chris Tobkin (Jan 06)
- <Possible follow-ups>
- RE: Detected NMAP scan wanb0y (Jan 06)