[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: 'mirror' with iptables

Dmitriy Kropivnitskiy <jeld@mindless.com> writes:

> > how does this stop the scanner from identifying open ports?
> If you actually drop packets instead of rejecting them your port scanner
> will slow down to a crawl, since it has to wait for timeout on every try.


Push out loads of packets to many hosts at one port per host, and just sit
back & wait for the responses; they'll tell you if they're listening. 
Absolutely *nobody* does multi-port per host sweeps these days - to the
extent that I nmapped myself from ports 20-25 only, this morning, and it
occupied the greater amount of the firewall log for the last 24hrs.

And in the rapture and the charm,           |piglet@stirfried.vegetable.org.uk
Came the tranquil and the calm,             |http://spodzone.org.uk/
On the ridge of the mighty Atlantic.        |

Reply to: