[...]
> I am running load balanced web servers behind a PIX. I have never
> been able
> to identify the server OS with NMAP. Is there a secret? I am
> aware of
> doing banner checks. The scenario would be someone doing
> automated scans
> for Linux and using NMAP to put known Linux hosts into a file.
>
NMAP scans for hosts beyond "stateful aware" firewalls is quite
difficult. The first problem lies in the firewall design. If a packet
is not in the connection table and it's not a SYN packet it is simply
droped. The other problem is TCP options. Most firewalls will drop
those packets also.
In a recent pen-test I realize that Win 2k hosts beyond a PIX, would
only respond to NMAP test #5, the only one that uses a standard SYN,
while if those boxes where outside the filtered network, they would
reply to all 8 tests.
The work around is break in and NMAP from the internal network ;)
_____________________________________________________________________
INTERNET MAIL FOOTER
A presente mensagem pode conter informação considerada confidencial.
Se o receptor desta mensagem não for o destinatário indicado, fica
expressamente proibido de copiar ou endereçar a mensagem a terceiros.
Em tal situação, o receptor deverá destruir a presente mensagem e por
gentileza informar o emissor de tal facto.
---------------------------------------------------------------------
Privileged or confidential information may be contained in this
message. If you are not the addressee indicated in this message, you
may not copy or deliver this message to anyone. In such case, you
should destroy this message and kindly notify the sender by reply
email.
---------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Mon May 28 2001 - 06:21:16 PDT