- Nmap Network Scanning
- Chapter 11. Defenses Against Nmap
Introduction
Chapter 10, Detecting and Subverting Firewalls and Intrusion Detection Systems, discussed the myriad ways that Nmap (along with a few other open-source security tools) can be used to slip through firewalls and outsmart intrusion detection systems. Now we look at the situation from the other side of the fence: how technology such as firewalls and IDSs can defend against Nmap. Possible defenses include blocking the probes, restricting information returned, slowing down the Nmap scan, and returning misleading information. The dangers of some defenses are covered as well. Obfuscating your network to the extent that attackers cannot understand what is going on is not a net win if your administrators no longer understand it either. Similarly, defensive software meant to confuse or block port scanners is not beneficial if it opens up more serious vulnerabilities itself. Many of the techniques described herein protect against active probes in general, not just those produced with Nmap.