From: xmaillist <xmaillist@skynet.be>
To: Pablo Allietti <pablo@lacnic.net>
Cc: netfilter@lists.netfilter.org
Subject: Re: block nmap info
Date: Thu, 27 Jan 2005 21:07:17 -0100
Message-ID: <41F96615.9010701@skynet.be>
In-Reply-To: <20050127200622.GA23921@omega.lacnic.net.uy>

Hi,

nmap man page:
[...]
-sT
TCP connect() scan: This is the most basic form of TCP scanning. The
connect() system call provided by your operating system is used to
open a connection to every interesting port on the machine. If the port
is listening, connect() will succeed, otherwise the port isn't
reachable. One strong advantage to this technique is that you don't need
any special privileges. Any user on most UNIX boxes is free to use this
call. This sort of scan is easily detectable as target host logs will
show a bunch of connection and error messages for the services which
accept() the connection just to have it immediately shutdown. This is
the default scan type for unprivileged users.
[...]

A -sT scan is a full TCP handshake (SYN -> SYN/ACK -> ACK), so you just
have to forbid TCP connections on open ports...
But if you block TCP access for anybody, nobody can connect to the
service associated with the corresponding port.
So you have to use rules that grant access to the allowed machines and drop
it for the others.
Nevertheless, other scans like -sS, -sF, -sX, -sN can still work...

Pablo Allietti wrote:
> Hi all (again), how can I make rules to block nmap information?
>
> If I do nmap -sT myhost.com from a cybercafe, for example, nmap displays
> all open ports. Is there any way to block this? Something like blocking
> port scans?
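
The allowlist approach described in the reply above, as an added example that is not part of the original thread: a script that prints an iptables-restore ruleset accepting new connections to one port only from named sources. It goes slightly beyond the reply by also listing the flag patterns of the -sN, -sX and -sF scans it mentions. Assumptions: `gen_rules` is a hypothetical helper, the host is not a router, and port 22 and the addresses are constructed sample values.

```shell
#!/bin/sh
# Added example, not from the thread. gen_rules is a hypothetical helper;
# port 22 and the RFC 5737 addresses below are constructed sample values.

# gen_rules PORT SRC [SRC...]
# Print an iptables-restore ruleset in which PORT accepts new TCP
# connections only from the listed sources; all other input is dropped.
gen_rules() {
    port=$1
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    shift
    [ "$#" -gt 0 ] || { echo "need at least one source" >&2; return 1; }

    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    # Flag patterns used by -sN (no flags), -sX (FIN,PSH,URG) and -sF
    # (FIN only). The DROP policy would also discard them; separate rules
    # give each pattern its own packet counter in `iptables -L -v`.
    echo '-A INPUT -p tcp --tcp-flags ALL NONE -j DROP'
    echo '-A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP'
    echo '-A INPUT -p tcp --tcp-flags ALL FIN -j DROP'
    # Replies to connections that were already accepted.
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    # Allowlist: a SYN (connect() or -sS) is accepted only from these hosts.
    for src in "$@"; do
        echo "-A INPUT -p tcp -s $src --dport $port --syn -m state --state NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# Print the sample ruleset; nothing is loaded into the kernel here.
gen_rules 22 192.0.2.10 198.51.100.0/24
```

The output can be checked with `iptables-restore --test` before it is loaded.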