Portscanning is just sending special packets and analysing answer.
So, you can drop all packets from unauthorized person and they can't see anything... (or just that they are filtered...)
But the others can send packets and see respond, so they can say if a service run on the ports they can access...
Pablo Allietti wrote:
On Thu, Jan 27, 2005 at 09:07:17PM -0100, xmaillist wrote:
Hi, nmap man page:
ok. then it is impossible to block nmap and portscanning?
[...]
-sT
TCP connect() scan: This is the most basic form of TCP scanning. The connect() system call provided by your operating system is used to open a connection to every interesting port on the machine. If the port is listening, connect() will succeed, otherwise the port isn't reachable. One strong advantage to this technique is that you don't need any special privileges. Any user on most UNIX boxes is free to use this call. This sort of scan is easily detectable as target host logs will show a bunch of connection and error messages for the services which accept() the connection just to have it immediately shutdown. This is the default scan type for unprivileged users.
[...]
-sT scan is a full TCP handshake (SYN -> SYN/ACK -> ACK), so you just have to forbid TCP connection on open ports...
But, if you block tcp accesses for anybody, nobody could connect to the service associate with the corresponding port.
So, you have to use rules that grant access for allow machine, and drop it for the others.
Nevertheless, other scans like -sS, -sF, -sX, -sN can still work...
Pablo Allietti wrote:
hi all (again), how can i made a rules for block nmap information?
if i do nmap -sT myhost.com from a cybercafe for example, nmap display all ports open. exist any way to block this? something like block scanports?
---end quoted text---
