Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: how nmap can know my firewalled servers ?

from [Alexey Eremenko] Network Security [Permanent Link]
Subject: Re: how nmap can know my firewalled servers ?
Date: Thu, 13 Apr 2006 07:59:43 -0200 
I am assuming you are using a DROP rule on your firewall.  NMAP knows> that 
if it does not receive a response for a TCP connection then it is> 
firewalled.  Dropping traffic at a firewall violates RFC and makes it> much 
easier to know when there is a firewall between the scanner and the> end 
host.  I recommend using REJECT>> -A INPUT -j REJECT --reject-with 
icmp-host-unreachable>> That will conform to RFC (I'm pretty sure) and will 
make it harder to> detect a firewall with NMAP.>

True, I am using DROP state on my iptables, but even when I changedthe state of 
my firewall to "REJECT --reject-withicmp-host-unreachable" - nmap _still_ knows 
that my services arerunning (telnet) and are filtered !
linux:/ # iptables -A INPUT -p tcp --dport 23 -j REJECT 
--reject-withicmp-host-unreachablelinux:/ # nmap  localhost
Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2006-04-13 12:59 
GMT+2Interesting ports on localhost (127.0.0.1):(The 1648 ports scanned but not 
shown below are in state: closed)PORT      STATE    SERVICE22/tcp    open     
ssh23/tcp    filtered telnet...
linux:/ # iptables -LChain INPUT (policy ACCEPT)target     prot opt source      
         destinationREJECT     tcp  --  anywhere             anywhere           
 tcpdpt:telnet reject-with icmp-host-unreachable
Chain FORWARD (policy ACCEPT)target     prot opt source               
destination
Chain OUTPUT (policy ACCEPT)target     prot opt source               destination

So how do I fool nmap that my service is really down ?
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: how nmap can know my firewalled servers ?, Alice Bryson
Next by Date:  Re: Syncing iptables rules between two servers, Stephen Barron
Previous by Thread:  Re: how nmap can know my firewalled servers ?, Gregory Boyce
Next by Thread:  Re: how nmap can know my firewalled servers ?, manu
Indexes:  [Date] [Thread] [Top] [All Lists]