RE: Xmas and null scans
From: Jeremie Werner (medgi@evc.net)Date: 11/23/01
- Previous message: leon: "bricker server question"
- Maybe in reply to: Craig Van Tassle: "Xmas and null scans"
- Next in thread: gminick: "Re: Xmas and null scans"
- Reply: gminick: "Re: Xmas and null scans"
- Reply: Craig Van Tassle: "Re: Xmas and null scans"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Jeremie Werner <medgi@evc.net> To: security-basics@securityfocus.com Subject: RE: Xmas and null scans Date: Fri, 23 Nov 2001 17:12:40 +0100 Message-Id: <01112317124000.00985@gaia>
Hello,
I'm not sure I have clearly understand all the questions, but this may help
you (I hope :).
The ports that are marked as open are ports from your box, so the only port
that could be open are services you are running on your box. It may be httpd,
or even X server ...
To detect the scan, you can use a NIDS (like snort), or even a specific
program that detect portscan (Like scanlogd from openwall.com). To block
portscan you should install a firewall, to filter the incoming packet.
In order to understand the way of portscanning, you should read the paper
from Fyodor published in Phrack 51 (phrack.org) and called 'The art of port
scanning'.
For more help, just try google.com :)
Have fun ...
>Hello everyone.
>I'm running FreeBSD 4.4 and i was doing a port scan of my self (from a
>remote
>box that i have legal access to) and i was getting a log of open ports from
>nmap -sN and nmap -sX. I was wondering why i was getting all of these "open
>ports"
>and does any one know how to stop these scans from getting though?
>and how do these scans work?
>Thanks
>Craig
- Previous message: leon: "bricker server question"
- Maybe in reply to: Craig Van Tassle: "Xmas and null scans"
- Next in thread: gminick: "Re: Xmas and null scans"
- Reply: gminick: "Re: Xmas and null scans"
- Reply: Craig Van Tassle: "Re: Xmas and null scans"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
