Re: block nmap info

[xa <xmaillist@skynet.be>]

Basically, nmap is just a program that send packets.
Portscanning is just sending special packets and analysing answer.
So, you can drop all packets from unauthorized person and they can't see 
anything... (or just that they are filtered...)
But the others can send packets and see respond, so they can say if a 
service run on the ports they can access...


Pablo Allietti wrote:
> On Thu, Jan 27, 2005 at 09:07:17PM -0100, xmaillist wrote:
> 
>>Hi,
>>nmap man page:
> 
> 
> 
> ok. then it is impossible to block nmap and portscanning? 
> 
> 
> 
>>[...]
>>-sT
>>TCP connect() scan: This is the most basic form of TCP scanning. The 
>>connect() system call provided  by  your operating system is used to 
>>open a connection to every interesting port on the machine. If the port 
>>is listening, connect() will succeed, otherwise the port isn't 
>>reachable. One strong advantage to this technique is that you don't need 
>>any special privileges. Any user on most UNIX boxes is free to use this 
>>call. This sort of scan is easily detectable as target host logs will 
>>show a bunch of connection and  error messages for the services which 
>>accept() the connection just to have it immediately shutdown.  This is 
>>the default scan type for unprivileged users.
>>[...]
>>
>>-sT scan is a full TCP handshake (SYN -> SYN/ACK -> ACK), so you just 
>>have to forbid TCP connection on open ports...
>>But, if you block tcp accesses for anybody, nobody could connect to the 
>> service associate with the corresponding port.
>>So, you have to use rules that grant access for allow machine, and drop 
>>it for the others.
>>Nevertheless, other scans like -sS, -sF, -sX, -sN can still work...
>>
>>
>>Pablo Allietti wrote:
>>
>>>hi all (again), how can i made a rules for block nmap information?
>>>
>>>if i do nmap -sT myhost.com from a cybercafe for example,   nmap display
>>>all ports open. exist any way to block this? something like block
>>>scanports?
>>
> ---end quoted text---
>