Re: How to avoid being detected by a Network Scanner?

From: Martin Kacerovsky (wizard_at_matfyz.cz)
Date: 05/18/03

  • Next message: octavian_at_cosma.ro: "Please update your adressbook! Va rog sa va actualizati agenda!" 
    Date: Sun, 18 May 2003 08:19:35 +0200
To: security-discuss@linuxsecurity.com

    Hi,
            
    On Sat, May 17, 2003 at 10:25:32PM -0500, jglopez@servidor.unam.mx wrote:
    > I have installed Linux on a Sparc Station and I have been monitored by an
    > external host, it used a Network Scanner called "GFI LANguard Netwok
    > Scanner" , I have donwloaded it and installed on my PC, when I search
    > the host that is monitoring my server the program tells me that "could
    > not find the remote host" , aparently appears to be disconected but when
    > I try to check if this host is alive with my web browser appears its web
    > page.
    >
    > Maybe he/she has set something or disable something to avoid being
    > scanned.

    Try to block ping probes, some scanners ping remote hosts before
    really scanning them.
    But 'nmap -P0' does not, so you can try to scan that host with nmap
    (www.insecure.org/nmap)

    to block ping probes you can add to your firewall (iptables) :
    iptables -A INPUT -p icmp --icmp-type echo-request -j DROP

    but there are many other ways (exclusive/inclusive firewall) ...

    Bye. 

    -- 
+-------------------------------------------------------------------+
 Martin Kacerovsky      <wizard@matfyz.cz>   http://wizard.matfyz.cz 
 PGP 0x4CEC2A62 : 84F6 C043 AC1A 1591 ED80  9498 30C4 7ABE 4CEC 2A62
+-------------------------------------------------------------------+

    ------------------------------------------------------------------------
         To unsubscribe email security-discuss-request@linuxsecurity.com
             with "unsubscribe" in the subject of the message.

  • Next message: octavian_at_cosma.ro: "Please update your adressbook! Va rog sa va actualizati agenda!"