RE: Xmas and null scans

From: Jeremie Werner (
Date: 11/23/01

From: Jeremie Werner <>
Subject: RE: Xmas and null scans
Date: Fri, 23 Nov 2001 17:12:40 +0100
Message-Id: <01112317124000.00985@gaia>


I'm not sure I have clearly understand all the questions, but this may help
you (I hope :).

The ports that are marked as open are ports from your box, so the only port
that could be open are services you are running on your box. It may be httpd,
or even X server ...

To detect the scan, you can use a NIDS (like snort), or even a specific
program that detect portscan (Like scanlogd from To block
portscan you should install a firewall, to filter the incoming packet.

In order to understand the way of portscanning, you should read the paper
from Fyodor published in Phrack 51 ( and called 'The art of port

For more help, just try :)

Have fun ...

>Hello everyone.
>I'm running FreeBSD 4.4 and i was doing a port scan of my self (from a
>box that i have legal access to) and i was getting a log of open ports from
>nmap -sN and nmap -sX. I was wondering why i was getting all of these "open
>and does any one know how to stop these scans from getting though?
>and how do these scans work?