Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Subject: Re: BlackICE and nmap
From: Matt (mattuse.net)
Date: Wed May 24 2000 - 14:29:56 CDT
- Next message: Crye, Michael: "RE: can/should"
- Previous message: Bennett Todd: "Re: can/should"
- In reply to: Greg Thomas: "BlackICE and nmap"
- Next in thread: Patrick O Neil: "RE: BlackICE and nmap"
- Reply: Matt: "Re: BlackICE and nmap"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Wed, 24 May 2000, Greg Thomas wrote:
> I recently purchased BlackICE for my Windows box.
> Well, I wanted to test out nmap against BI... Tried
> -sS, but I watched in real time as BI caught
> everything. This was in BI's normal mode. I can only
> imagine what it's like in Paranoid. Anyhow, anybody
> have any way around BI? I'm curious if it's possible.
I have found that fragmenting the scan will evade most IDSes. This can be
done with "nmap -f <hostip>"
Also, some IDSes only look for SYNs as far as portscanning is concerned.
So, if you're doing a FIN scan or an ACK scan, several IDSes will miss it
I do'nt know about BlackIce specifically, but if you could do the tests I
just mentioned and report back here or to bugtraq, that would be cool =]
Hope this helps,
-- this band is perfect just don't scratch the surface
-------------------------------------------------- For help using this (nmap-hackers) mailing list, send a blank email to nmap-hackers-helpinsecure.org . List run by ezmlm-idx (www.ezmlm.org).