Re: 'mirror' with iptables
Dmitriy Kropivnitskiy <jeld@mindless.com> writes:
[snip]
> > how does this stop the scanner from identifying open ports?
>
> If you actually drop packets instead of rejecting them your port scanner
> will slow down to a crawl, since it has to wait for timeout on every try.
Bzzzzzzt.
Push out loads of packets to many hosts at one port per host, and just sit
back & wait for the responses; they'll tell you if they're listening.
Absolutely *nobody* does multi-port per host sweeps these days - to the
extent that I nmapped myself from ports 20-25 only, this morning, and it
occupied the greater amount of the firewall log for the last 24hrs.
~Tim
--
And in the rapture and the charm, |piglet@stirfried.vegetable.org.uk
Came the tranquil and the calm, |http://spodzone.org.uk/
On the ridge of the mighty Atlantic. |
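The two replies above describe the same firewall log from opposite directions: Dmitriy's point is about how DROP stretches out a one-host, many-port scan, Tim's is that the traffic that actually fills the log is one port across many hosts. The following is an added example, not code from either poster, showing how a defender can tell the two patterns apart per source address when reading iptables LOG output. The SRC/DST/PROTO/DPT fields are the standard ones the iptables LOG target emits; the sample lines, the "[fw-drop]" log prefix, the addresses and the five-hit threshold are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed iptables LOG lines (RFC 5737 test addresses, abbreviated fields).
# First source: one port (22) against six hosts, the sweep Tim describes.
# Second source: six ports (20-25) against one host, Tim's own nmap of himself.
# Third source: two stray hits, below the reporting threshold.
SAMPLE_LOG = """\
Jan 12 03:14:15 gw kernel: [fw-drop] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=22 SYN
Jan 12 03:14:15 gw kernel: [fw-drop] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.11 PROTO=TCP SPT=40002 DPT=22 SYN
Jan 12 03:14:15 gw kernel: [fw-drop] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.12 PROTO=TCP SPT=40003 DPT=22 SYN
Jan 12 03:14:16 gw kernel: [fw-drop] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.13 PROTO=TCP SPT=40004 DPT=22 SYN
Jan 12 03:14:16 gw kernel: [fw-drop] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.14 PROTO=TCP SPT=40005 DPT=22 SYN
Jan 12 03:14:16 gw kernel: [fw-drop] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.15 PROTO=TCP SPT=40006 DPT=22 SYN
Jan 12 08:02:01 gw kernel: [fw-drop] IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=20 SYN
Jan 12 08:02:01 gw kernel: [fw-drop] IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=21 SYN
Jan 12 08:02:01 gw kernel: [fw-drop] IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51002 DPT=22 SYN
Jan 12 08:02:02 gw kernel: [fw-drop] IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51003 DPT=23 SYN
Jan 12 08:02:02 gw kernel: [fw-drop] IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51004 DPT=24 SYN
Jan 12 08:02:02 gw kernel: [fw-drop] IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51005 DPT=25 SYN
Jan 12 11:30:44 gw kernel: [fw-drop] IN=eth0 OUT= SRC=192.0.2.99 DST=192.0.2.10 PROTO=TCP SPT=33000 DPT=80 SYN
Jan 12 11:31:02 gw kernel: [fw-drop] IN=eth0 OUT= SRC=192.0.2.99 DST=192.0.2.10 PROTO=TCP SPT=33001 DPT=443 SYN
"""

# Only the fields needed for the classification are captured; the rest of the
# LOG line (MAC, LEN, TTL, flags, ...) is skipped by the lazy .*? groups.
LINE_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+).*?PROTO=(?P<proto>\S+).*?DPT=(?P<dpt>\d+)"
)


def parse(lines):
    """Yield (src, dst, proto, dport) for every line that looks like a LOG entry."""
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            yield m["src"], m["dst"], m["proto"], int(m["dpt"])


def classify(lines, min_hits=5):
    """Label each source address by the shape of its dropped traffic.

    Returns {src: (label, distinct_destinations, distinct_ports)} where label is
    'horizontal sweep' (one port, many hosts), 'vertical scan' (one host, many
    ports), 'mixed' (both vary) or 'noise' (fewer than min_hits entries).
    """
    per_src = defaultdict(lambda: {"dsts": set(), "ports": set(), "hits": 0})
    for src, dst, _proto, dport in parse(lines):
        s = per_src[src]
        s["dsts"].add(dst)
        s["ports"].add(dport)
        s["hits"] += 1

    result = {}
    for src, s in per_src.items():
        n_dst, n_port = len(s["dsts"]), len(s["ports"])
        if s["hits"] < min_hits:
            label = "noise"
        elif n_port == 1 and n_dst >= min_hits:
            label = "horizontal sweep"
        elif n_dst == 1 and n_port >= min_hits:
            label = "vertical scan"
        else:
            label = "mixed"
        result[src] = (label, n_dst, n_port)
    return result


if __name__ == "__main__":
    for src, (label, n_dst, n_port) in sorted(classify(SAMPLE_LOG.splitlines()).items()):
        print(f"{src:15} {label:17} hosts={n_dst} ports={n_port}")
```

Run against a real log, the script reads lines from the LOG target's output (with the `[fw-drop]` prefix replaced by whatever `--log-prefix` the ruleset uses); the threshold `min_hits` is the knob that decides how much of Tim's "greater amount of the firewall log" is worth a line in a report.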