Nmap Development mailing list archives

Re: how to scan hosts protected by reactive firewall/ips?


From: Richard Miles <richard.k.miles () googlemail com>
Date: Wed, 12 May 2010 21:30:30 +0000

Stephen

I will try, thank you.

Any other tricks?

Can't all hosts be used as a decoy? For example, www.microsoft.com?

I also tried "--scan-delay 2 -randomize-hosts --max-rate 5" and I got
the same problem.

What values do you generally use for --scan-delay? And for --max-rate?

Is --scan-delay in seconds or milliseconds?

Thank you
On Wed, May 12, 2010 at 6:51 PM, Stephen Kleine
<skleine.6ohbk1 () cwfinc com> wrote:
I've run into the same thing against Watchguard firewalls; using the -T2 switch seems to get around the IPS for 
-most- of them, although I've been fighting against one that trips regardless. I've yet to use -T1 against that 
particular firewall.

-----Original Message-----
From: Richard Miles [mailto:richard.k.miles () googlemail com]
Sent: Wednesday, May 12, 2010 12:29 PM
To: nmap-dev () insecure org
Subject: how to scan hosts protected by reactive firewall/ips?

Hi

I have 10 hosts on the same network protected by a very hostile and
reactive firewall/ips, consequently when I try to scan it I get:

All 1000 scanned ports on XXX-YYY-ZZZ-AAA.host.com (XXX.YYY.ZZZ.AAA) are filtered
Too many fingerprints match this host to give specific OS details

It happened on all the hosts, while this one in particular has at
least a web server on ports 80 and 443, because I can connect with
Firefox.

I tried to use -D (Decoy) with 7 hosts, but I got the same results.
Should that not happen? Can't all hosts be used as a decoy? For example,
www.microsoft.com?

I also tried "--scan-delay 2 -randomize-hosts --max-rate 5" and I got
the same problem.

What values do you generally use for --scan-delay? And for --max-rate?

Is the value of --scan-delay in seconds?

For the basic scan I'm using the options "-PN -sV -sC -O".

Please advise me on other techniques.

Thank you


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/