Re: Defeating NMAP scans
- From: Ertugrul Soeylemez <never@xxxxxxxxxxxxxx>
- Date: Wed, 25 Jan 2006 01:46:58 +0100
Hello Sunny,
"Sunny" <sun4udee@xxxxxxxxx> (06-01-24 11:05:13):
> Is there any way to distinguish the probe packets
> sent by NMAP and the normal communication packets..??? Also can we
> modify the responses to the nmap probes so that it could not recognise
> the remote OS and the services??? By default, NMAP probes the remote
> machine by sending some packets in specific order. Can anybody clue me
> in on the order in which the type of scans that NMAP does ??
Rick is just right. However, you _could_ distinguish nmap's packets by
some heuristics like SYN rate, but this may lead to false positives
(even very often). You might be interested in grsecurity [1], a kernel
patch. It makes OS detection more difficult for nmap. For me it
reports a wrong OS, but it still detects it being Linux.
As Rick said, just let port scans remain possible. Hiding your OS is no
real gain in security. Instead, configure your system properly and keep
it up to date.
Regards.
---
[1] http://www.grsecurity.net/
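
Added example, not part of the original post: a minimal SYN-rate heuristic of the kind mentioned above, run over constructed connection events, showing how a busy legitimate client trips the same threshold as a port sweep. The event data, thresholds, and the distinct-port check used to separate the two cases are assumptions for illustration and go slightly beyond the plain rate heuristic named in the message.

```python
from collections import defaultdict, deque

# Constructed sample events: (timestamp_seconds, source_ip, dest_port) for
# inbound TCP segments with only SYN set. Addresses are documentation ranges.
def sample_events():
    events = []
    # 192.0.2.10: sweep of 40 different ports in about 2 seconds
    events += [(i * 0.05, "192.0.2.10", 1 + i) for i in range(40)]
    # 198.51.100.7: busy client opening 30 connections to port 443 in 1.5 s
    events += [(0.5 + i * 0.05, "198.51.100.7", 443) for i in range(30)]
    # 203.0.113.5: ordinary client, 3 connections spread over 20 s
    events += [(t, "203.0.113.5", 22) for t in (1.0, 9.0, 20.0)]
    return sorted(events)

def syn_rate_alerts(events, window=5.0, max_syns=20):
    """Flag sources sending more than max_syns SYNs within `window` seconds.

    Returns {source: number of distinct destination ports in the window
    at the moment the threshold was first exceeded}.
    """
    recent = defaultdict(deque)   # per-source sliding window of (ts, port)
    alerts = {}
    for ts, src, port in events:
        q = recent[src]
        q.append((ts, port))
        while q and ts - q[0][0] > window:   # drop events older than window
            q.popleft()
        if len(q) > max_syns and src not in alerts:
            alerts[src] = len({p for _, p in q})
    return alerts

def classify(alerts, min_ports=10):
    """Split rate alerts by port spread: many ports suggests a sweep,
    one or two ports suggests a legitimate but busy client."""
    return {src: ("port sweep" if ports >= min_ports else "likely false positive")
            for src, ports in alerts.items()}

if __name__ == "__main__":
    alerts = syn_rate_alerts(sample_events())
    for src, verdict in classify(alerts).items():
        print(f"{src}: {alerts[src]} distinct ports -> {verdict}")
```

Both the sweep and the busy HTTPS client exceed the rate threshold; only the spread of destination ports tells them apart, and a slow scan would pass under the rate threshold entirely.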