Penetration Testing mailing list archives
Re: [PEN-TEST] Undetectible NMAP scans
From: Swen Schisler <sschisler () VIRBUS DE>
Date: Mon, 28 Aug 2000 11:08:51 +0200
On Sun, 27 Aug 2000 you wrote:
Jose Nazario wrote:
On Thu, 24 Aug 2000, Devdas Bhagat wrote:
It's moved to http://www.openwall.com/scanlogd .
while scanlogd can detect them, along with some other tools (scanlogd is my personal favorite), you can't stop stealth scans, either, without a packet filter that lets you block on the basis of arbitrary flags. ipchains doesn't have that capability, as i recall. (i use OpenBSD/ipfilter firewalls, FWIW.)
Even tho people recommend Snort over it, I still prefer Abacus PortSentry (http://www.psionic.com/abacus/portsentry/). Its config allows for active response to portscans. It contains a list of defaults for ipfwadm as well as ipchains for a variety of OS flavors. Given the
Snort, at least, is able to reset connections if configured with the --enable-flexresp flag. Then you can add something like resp=<something_to_do> to an event signature in the rules file to define an action which Snort should perform if the event occurs. The defined actions are described in README.FLEXRESP in the snort directory.
manner it works in, I reckon it'd be no problem at all to deploy it functioning with iptables/ipfilters. Also, if you don't care to drop routes, it will dump offending IPs into hosts.deny. BSD Today has an article at http://www.bsdtoday.com/2000/July/Features233.html as well. Psionic offers a log analyzer, LogCheck, on their site also. Works very well in conjunction with Portsentry or Snort. -aj.
--------------------------------------------------------------------------------
Swen Schisler
VIRBUS AG
Leipzig, Germany
Tel.: +49-341/9797407
E-mail: sschisler () virbus de
--------------------------------------------------------------------------------
In a world without walls and fences, nobody need gates and windows.