[list added again, I think this is public interest and should be archived]

On 01/04/2003, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote To [EMAIL PROTECTED]:

> I just wanted to drop all nmap and/or other harmful packets... I found half
> of this list of flags @ nmap's forums by a guy saying which to block to stop
> nmap, the other half I found on a sans.org site... I'll try to dig up a link
> if you want it. Which flags do you recommend blocking?
First off: nmap is dumb.

Furthermore, *most* people using nmap are completely clueless about what is happening - and to make it worse: nmap interprets packets coming back (or not) in a very "special" way. Let's say, it tries to think for the user. After all they see an output of closed/open/filtered ports which is *way often* not even *close* to reality.

Please think it through .. all this 'hiding' is totally silly and useless.

Think about it: they get a response (or not) which is interpreted as

XYZ/tcp filtered

Now what? Can they do something harmful w/ FUP on port XYZ there? Can they even create a *valid* connection to there for carrying payload UP THE STACK WHERE IT WOULD HURT?

Geeez..

If you don't want port XYZ being reached, block it. Completely. No matter what fuxxored flag ever is set. Period.

//pb
