Nmap Announce mailing list archives
RE: BlackICE and nmap
From: Patrick O Neil <patrick.oneil () hci utah edu>
Date: Thu, 25 May 2000 08:41:33 -0600
I believe that if you alter your timing you may also be able to get by. Try the "-T Sneaky" or "Paranoid" switch (as well as using decoys or IP spoofing). The timing switch will slow things drastically but you may get around it that way.

-----Original Message-----
From: Matt
To: Greg Thomas
Cc: nmap-hackers () insecure org
Sent: 5/24/00 1:29 PM
Subject: Re: BlackICE and nmap

On Wed, 24 May 2000, Greg Thomas wrote:

> I recently purchased BlackICE for my Windows box. Well, I wanted to test out nmap against BI... Tried -sS, but I watched in real time as BI caught

[...]

I have found that fragmenting the scan will evade most IDSes. This can be done with "nmap -f <hostip>". Also, some IDSes only look for SYNs as far as portscanning is concerned. So, if you're doing a FIN scan or an ACK scan, several IDSes will miss it entirely. I don't know about BlackIce specifically, but if you could do the tests I just mentioned and report back here or to bugtraq, that would be cool =]

Hope this helps, ttyl

--
this band is perfect just don't scratch the surface

--------------------------------------------------
For help using this (nmap-hackers) mailing list, send a blank email to nmap-hackers-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).