On Thu, Jan 27, 2005 at 09:07:17PM -0100, xmaillist wrote:
> Hi,
> nmap man page: ok. Then it is impossible to block nmap and port scanning?
> [...]
> -sT
> TCP connect() scan: This is the most basic form of TCP scanning. The
> connect() system call provided by your operating system is used to
> open a connection to every interesting port on the machine. If the port
> is listening, connect() will succeed, otherwise the port isn't
> reachable. One strong advantage to this technique is that you don't need
> any special privileges. Any user on most UNIX boxes is free to use this
> call. This sort of scan is easily detectable as target host logs will
> show a bunch of connection and error messages for the services which
> accept() the connection just to have it immediately shutdown. This is
> the default scan type for unprivileged users.
> [...]
>
> -sT scan is a full TCP handshake (SYN -> SYN/ACK -> ACK), so you just
> have to forbid TCP connections on open ports...
> But, if you block TCP access for anybody, nobody could connect to the
> service associated with the corresponding port.
> So, you have to use rules that grant access for allowed machines, and drop
> it for the others.
> Nevertheless, other scans like -sS, -sF, -sX, -sN can still work...
>
>
> Pablo Allietti wrote:
> > hi all (again), how can I make rules to block nmap information?
> >
> > if I do nmap -sT myhost.com from a cybercafe for example, nmap displays
> > all ports open. Is there any way to block this? something like block
> > scanports?
>
---end quoted text---
-- 
Pablo Allietti
LACNIC
--------------
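The quoted man-page text points out that a -sT scan completes the three-way handshake, so the target's own logs fill up with accept()/close entries in a short burst. The script below is an added example, not part of this thread or of nmap: it parses a constructed, syslog-style connection log from a hypothetical service wrapper (the `tcpwrap` tag and line format are assumptions for the example) and flags any source that touches many distinct ports within a few seconds.

```python
"""Flag connect()-scan behaviour in a connection log.

Added example for this thread, not code from the original post.
The log format is constructed for the example (a hypothetical
"tcpwrap" service wrapper); adapt LINE_RE to the daemon you actually run.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one host touches many ports within three seconds
# (the burst a -sT scan leaves behind), a second host makes normal logins.
SAMPLE_LOG = """\
Jan 27 21:07:01 myhost tcpwrap[4021]: connect from 203.0.113.5 to port 21
Jan 27 21:07:01 myhost tcpwrap[4021]: connect from 203.0.113.5 to port 22
Jan 27 21:07:01 myhost tcpwrap[4021]: connect from 203.0.113.5 to port 25
Jan 27 21:07:02 myhost tcpwrap[4021]: connect from 203.0.113.5 to port 80
Jan 27 21:07:02 myhost tcpwrap[4021]: connect from 203.0.113.5 to port 110
Jan 27 21:07:02 myhost tcpwrap[4021]: connect from 203.0.113.5 to port 143
Jan 27 21:07:03 myhost tcpwrap[4021]: connect from 203.0.113.5 to port 443
Jan 27 21:07:03 myhost tcpwrap[4021]: connect from 203.0.113.5 to port 3306
Jan 27 21:07:04 myhost tcpwrap[4021]: connect from 198.51.100.7 to port 22
Jan 27 21:09:30 myhost tcpwrap[4021]: connect from 198.51.100.7 to port 22
"""

# Hypothetical log line shape: "<syslog timestamp> <host> <tag>: connect from <ip> to port <n>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ \S+: connect from "
    r"(?P<src>\d+\.\d+\.\d+\.\d+) to port (?P<port>\d+)$"
)


def parse_log(text, year=2005):
    """Yield (timestamp, source_ip, dest_port) for every line that matches LINE_RE.

    Syslog timestamps carry no year, so the caller supplies one.
    """
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated log entry, skip it
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["src"], int(m["port"])


def find_scanners(events, window=timedelta(seconds=10), min_ports=5):
    """Return {source_ip: sorted distinct ports} for every source that
    connected to at least `min_ports` distinct ports inside some `window`.

    A sliding window over each source's time-ordered connections keeps the
    check O(n) per source and ignores slow, ordinary client behaviour.
    """
    by_src = defaultdict(list)
    for ts, src, port in events:
        by_src[src].append((ts, port))

    flagged = {}
    for src, hits in by_src.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # advance the window start until the span fits inside `window`
            while hits[end][0] - hits[start][0] > window:
                start += 1
            if len({p for _, p in hits[start:end + 1]}) >= min_ports:
                # report every port this source touched, not just the window
                flagged[src] = sorted({p for _, p in hits})
                break
    return flagged


if __name__ == "__main__":
    for src, ports in find_scanners(parse_log(SAMPLE_LOG)).items():
        print(f"possible connect() scan from {src}: ports {ports}")
```

Because this only sees connections the services actually accept()ed, it catches the -sT case the man page describes and nothing else; half-open or flag-based probes (-sS, -sF, -sX, -sN) never complete the handshake, which is exactly why the reply notes they still work after a connect() scan has been blocked or logged. Firewall rules that grant access only to allowed machines, as the reply suggests, and the log check above complement each other rather than replace each other.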