Home page logo
/
Zenmap screenshot
Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News
Example Nmap output

Nmap Network Scanning

Chapter 11. Defenses Against Nmap

Introduction

Chapter 10, Detecting and Subverting Firewalls and Intrusion Detection Systems discussed the myriad ways that Nmap (along with a few other open-source security tools) can be used to slip through firewalls and outsmart intrusion detection systems. Now we look at the situation from the other side of the fence: How technology such as firewalls and IDSs can defend against Nmap. Possible defenses include blocking the probes, restricting information returned, slowing down the Nmap scan, and returning misleading information. The dangers of some defenses are covered as well. Obfuscating your network to the extent that attackers cannot understand what is going on is not a net win if your administrators no longer understand it either. Similarly, defensive software meant to confuse or block port scanners is not beneficial if it opens up more serious vulnerabilities itself. Many of the techniques described herein protect against active probes in general, not just those produced with Nmap.

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]