From: David Cannings <lists@edeca.net>
To: netfilter@lists.netfilter.org
Subject: Re: problem with nmap
Date: Mon, 16 Feb 2004 14:30:55 +0000
Message-ID: <200402161430.55591.lists@edeca.net>
In-Reply-To: <001901c3f496$5feac900$7b00000a@optusclub.gr>

On Monday 16 February 2004 14:08, Galiatsis Sokratis wrote:
> I want to know if there is a "special" rule which blocks all nmap
> scanning methods. I have something here for fragments, xmas, nmap etc
> but whenever I try to test it my server ports are always shown as open
> instead of stealth. I tried Online Symantec Security Scan and nmapping
> from another host from an external network. Both show the same results.

Are these scans coming from places that should be able to access your
services or not? The whole point of having your ports open is so that
people can access what is behind them, the whole point of using nmap to
scan is to see what ports are open. The TCP connect scan in nmap
connects exactly the same as any other client application would,
therefore you'll never completely stop a scan unless you want to block
access totally.

Perhaps rate limiting to 5 SYN-only packets (or other, for the special
cases) per second might help. This will slow a scan considerably, though
you may have to play with the timing:limit ratios. Blocking invalid
packets (those unrelated to existing connections) and packets with flags
that are bogus (such as SYN and FIN at the same time, to give a poor
example) will also block scans.
David
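
The measures suggested in the reply above (drop invalid packets, drop bogus flag combinations, rate-limit SYN-only packets), written out as an iptables-restore ruleset. This is an added example, not part of the original message; the chain name SYN_LIMIT, the burst value, the ACCEPT policy and the extra flag checks beyond SYN+FIN (SYN+RST, NULL, XMAS) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread.
# emit_rules [RATE] [BURST] prints a filter table in iptables-restore format.
# SYN_LIMIT is a hypothetical chain name; "-m state" is the 2004-era match
# (current kernels spell it "-m conntrack --ctstate").

emit_rules() {
    rate="${1:-5/second}"   # figure suggested in the message
    burst="${2:-5}"         # assumed value; tune together with the rate
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:SYN_LIMIT - [0:0]
# Packets that connection tracking cannot tie to any connection
-A INPUT -m state --state INVALID -j DROP
# Flag combinations a normal TCP stack never sends
-A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
-A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A INPUT -p tcp --tcp-flags ALL NONE -j DROP
-A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP
# Traffic on existing connections bypasses the limiter
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# SYN-only packets (new connection attempts) pass through the limiter
-A INPUT -p tcp --syn -j SYN_LIMIT
-A SYN_LIMIT -m limit --limit ${rate} --limit-burst ${burst} -j RETURN
-A SYN_LIMIT -j DROP
# Per-service ACCEPT rules and a restrictive policy would follow here
COMMIT
EOF
}

# --print shows the ruleset; --apply loads it (root only, and
# iptables-restore replaces the current filter table unless run with -n).
case "${1:-}" in
    --print) emit_rules ;;
    --apply) emit_rules | iptables-restore ;;
esac
```

The limit match keeps one shared token bucket per rule, so a scan that exhausts it also delays legitimate new connections until the bucket refills; that is the timing trade-off the message refers to.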