Right, but if no ports are open, and the host isn't making any kind of response nmap will take forever to tell you its results.

-miah

On Tue, Jan 30, 2001 at 06:13:42PM -0600, Michael Chletsos wrote:
Usually nmap shows much more detailed information in much less time, usually about 2-3 minutes. It tells you what ports are open. And from that knowledge, someone knows what is being run, therefore they will know if a certain security hole is available. Do not take that lightly, it happened to my lab at Argonne National Laboratory. Someone used nmap to find an identd exploit and broke in.
So nmap is a very important tool for exploiters.
michael
On Tue, 30 Jan 2001, Ralf Ronneburger wrote:
On Mon, 29 Jan 2001, Gerhard Sittig wrote:
What I'd like to know: Which possible holes are open, after I configured a router with this script, closing all ports for inbound packets, blocking ping and traceroute? Is it still possible to "see" that box on the internet, besides from outbound connections?
Try it out for yourself! Run nmap / saint / satan / nessus / place a scanner of your choice here against your own machines from outside (from a dialup account or a neighboured admin's site). Others *will* scan you. Make sure you're first and know what's there to see. And act before others get to know ...
Thanks for your help! I've already tried nmap, but I guess I was not patient enough, because I quit after waiting for 30 minutes. After almost 3 hours I got this from "nmap -sS -P0 -O <IP-Adress>":
Interesting ports on (<IP-Adress>):
(Not showing ports in state: filtered)
Port State Protocol Service

No OS matches for this host. TCP fingerprints:
T5(Resp=N)
T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
PU(Resp=N)

Nmap run completed -- 1 IP address (1 host up) scanned in 9262 seconds
Looks good to me! But what could a Cracker (patient enough to wait that long) make out of this and what are the weaknesses I still have to be aware of? Can I do anything else to hide this computer and how does nmap still figure out that my box is online?

Thanks a lot,
Ralf Ronneburger
virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
--
If you don't understand or are scared by any of the above
ask your parents or an adult to help you.
---------------------------------------------------------------------
To unsubscribe, e-mail: suse-security-unsubscribe@suse.com
For additional commands, e-mail: suse-security-help@suse.com
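
Added example, not part of any message in the thread: a small parser for the TCP fingerprint lines quoted above, reporting which of nmap's probes the filtered host still answered. The probe descriptions in PROBES are an assumption taken from nmap's description of its classic OS-detection tests, not from the thread.

```python
import re

# Fingerprint tests copied from the nmap output quoted in the thread.
FINGERPRINT = ("T5(Resp=N) T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) "
               "T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) PU(Resp=N)")

# Assumption: what each probe sends, per nmap's classic OS-detection tests.
PROBES = {
    "T5": "SYN to a closed TCP port",
    "T6": "ACK to a closed TCP port",
    "T7": "FIN|PSH|URG to a closed TCP port",
    "PU": "UDP datagram to a closed port",
}

TEST_RE = re.compile(r"(\w+)\(([^)]*)\)")


def parse_fingerprint(text):
    """Return {test_name: {field: value}} for every Name(k=v%k=v) group."""
    tests = {}
    for name, body in TEST_RE.findall(text):
        fields = {}
        for item in body.split("%"):
            if item:
                key, _, value = item.partition("=")
                fields[key] = value
        tests[name] = fields
    return tests


def answered_probes(text):
    """Names of the probes the target replied to (Resp=Y), in input order."""
    return [n for n, f in parse_fingerprint(text).items() if f.get("Resp") == "Y"]


def report(text):
    """One line per probe: what was sent and whether a reply came back."""
    lines = []
    for name, f in parse_fingerprint(text).items():
        replied = f.get("Resp") == "Y"
        state = "reply, flags=" + f.get("Flags", "?") if replied else "no reply"
        lines.append(f"{name:3} {PROBES.get(name, 'unknown probe'):34} {state}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(FINGERPRINT)))
```

On the quoted scan the SYN and UDP probes went unanswered, while the ACK and FIN|PSH|URG probes each drew a reset, so those replies are what the scanner could still observe from this host.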