Re: block nmap info

Hi,
nmap man page:
[...]
-sT
TCP connect() scan: This is the most basic form of TCP scanning. The connect() system call provided by your operating system is used to open a connection to every interesting port on the machine. If the port is listening, connect() will succeed, otherwise the port isn't reachable. One strong advantage to this technique is that you don't need any special privileges. Any user on most UNIX boxes is free to use this call. This sort of scan is easily detectable as target host logs will show a bunch of connection and error messages for the services which accept() the connection just to have it immediately shutdown. This is the default scan type for unprivileged users.
[...]


A -sT scan is a full TCP handshake (SYN -> SYN/ACK -> ACK), so you just have to forbid TCP connections on open ports...
But if you block TCP access for everybody, nobody could connect to the service associated with the corresponding port.
So you have to use rules that grant access to allowed machines, and drop it for the others.
Nevertheless, other scans like -sS, -sF, -sX, -sN can still work...



Pablo Allietti wrote:
hi all (again), how can I make a rule to block nmap information?

if I do nmap -sT myhost.com from a cybercafe for example, nmap displays
all ports open. Is there any way to block this? something like block
scanports?
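The allowlist approach from the reply above, written out as an added example (this is not code from the thread or from the netfilter project). It assumes a service on tcp/22 and allowed clients in 192.0.2.0/24, both placeholders you would replace. It goes a little beyond the reply by also dropping packets that conntrack cannot attribute to any connection and "new" connections that do not start with a SYN, which is what the FIN/Xmas/Null probes and lone-ACK probes mentioned at the end of the reply rely on. Running the script prints the rules; running it as root with APPLY=1 loads them with iptables.

```bash
#!/bin/sh
# Added example, not from the original thread: allowlist rules for the case
# discussed above. A -sT scan only reports "open" when the three-way
# handshake completes, so dropping everything except the allowed sources
# makes the port show as "filtered" from the cybercafe while still working
# for the allowed hosts. tcp/22 and 192.0.2.0/24 are placeholders.

# build_rules PORT ALLOWED_NET [ALLOWED_NET...]
# Emits one iptables rule per line, in the order they should be added.
build_rules() {
    port="$1"
    shift
    # Replies to connections this host opened, and any connection already
    # accepted, pass without re-checking the source address.
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Packets conntrack cannot place in any connection. No real connection
    # begins with FIN, no flags, or FIN/PSH/URG, so the -sF, -sN and -sX
    # probes fall in this class.
    echo "-A INPUT -m conntrack --ctstate INVALID -j DROP"
    # A conntrack entry created by something other than a bare SYN (for
    # example a lone ACK picked up mid-stream) is not a client connecting.
    echo "-A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP"
    # One ACCEPT per allowed source network.
    for net in "$@"; do
        echo "-A INPUT -p tcp --dport $port -s $net -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Everyone else: DROP, not REJECT. No RST goes back, so a -sT or -sS
    # scan sees "filtered" rather than "closed" and waits out a timeout.
    echo "-A INPUT -p tcp --dport $port -j DROP"
}

# rule_count PORT ALLOWED_NET... : number of rules build_rules emits
rule_count() {
    build_rules "$@" | wc -l | tr -d ' '
}

# apply_rules PORT ALLOWED_NET... : load the rules with iptables (needs root)
apply_rules() {
    build_rules "$@" | while IFS= read -r rule; do
        # word splitting of $rule into separate arguments is intended here
        iptables $rule
    done
}

# Print the rule set by default; APPLY=1 loads it instead.
if [ "${APPLY:-0}" = 1 ]; then
    apply_rules 22 192.0.2.0/24
else
    build_rules 22 192.0.2.0/24
fi
```

The ESTABLISHED,RELATED rule must come first so that the final DROP never catches the packets of a connection that was already allowed in. A scan from an allowed address will of course still see the port as open; the rules hide it only from addresses outside the allowlist.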


