Penetration Testing mailing list archives

Re: Request for discussion on defending against specific Nmap TCP syn and version scans.


From: ober <ober () linbsd org>
Date: Fri, 3 Mar 2006 13:57:42 -0600 (CST)

http://www.linbsd.org/wafter.c is an OpenBSD kernel module that does this.
Well, at least hides from nmap, and could be set up to tarpit.

-Ober

Richard Chesler: [Reading a piece of paper] The first rule of Fight Club is you don't talk about Fight Club?
Narrator: [Voice-over] I'm half asleep again; I must've left the original in the copy machine.
Richard Chesler: The second rule of Fight Club - is this yours?
Narrator: Huh?
Richard Chesler: Pretend you're me, make a managerial decision: you find this, what would you do?

On Thu, 2 Mar 2006, Aaron wrote:

Date: Thu, 02 Mar 2006 16:46:25 -0800
From: Aaron <microchp () microchp org>
To: pen-test () securityfocus com
Subject: Re: Request for discussion on defending against specific Nmap TCP syn
     and version scans.

There may also be some interest in looking up tarpitting. It does not stop scanning but may be used in conjunction with changing the OS fingerprint to slow a scan and lower the accuracy of the results as threads will time out. If used on enough addresses, it can make enumeration a pita.

Also change the default TTL.

Honeyd and DTK are also fun to play with but may draw the wrong attention to your address space.

If you really want to confuse nmap, don't run any firewalls, turn on all services and leave everything default. ;)


--Aarön


------------------------------------------------------------------------------
This List Sponsored by: Lancope

"Discover the Security Benefits of Cisco NetFlow"
Learn how Cisco NetFlow enables cost-effective security across distributed enterprise networks. StealthWatch, the veteran Network Behavior Analysis (NBA) and Response solution, leverages Cisco NetFlow to provide scalable, internal network security. Download FREE Whitepaper "Role of Network Behavior Analysis (NBA) and Response Systems in the Enterprise."

http://www.lancope.com/resource/
------------------------------------------------------------------------------
