Chapter 11. Defenses Against Nmap


Chapter 10, Detecting and Subverting Firewalls and Intrusion Detection Systems discussed the myriad ways that Nmap (along with a few other open-source security tools) can be used to slip through firewalls and outsmart intrusion detection systems. Now we look at the situation from the other side of the fence: How technology such as firewalls and IDSs can defend against Nmap. Possible defenses include blocking the probes, restricting information returned, slowing down the Nmap scan, and returning misleading information. The dangers of some defenses are covered as well. Obfuscating your network to the extent that attackers cannot understand what is going on is not a net win if your administrators no longer understand it either. Similarly, defensive software meant to confuse or block port scanners is not beneficial if it opens up more serious vulnerabilities itself. Many of the techniques described herein protect against active probes in general, not just those produced with Nmap.