Slashdot Mirror

← Back to Stories (view on slashdot.org)

Protecting Servers From Nmap's Idlescan?

Posted by Cliff on from the obtaining-extra-security dept.

Istealmymusic asks: "Now that Nmap 3.00's idlescan technique is fully documented, thousands of vulnerable NT and Linux hosts on the Internet are being exploited to perform stealthy port-scanning. My employer's Linux cluster was a victim of these attacks; apparently he has been used to perform hundreds of port scans on DDN machines. Needless to say we where contacted by the sysadmin and forced to blacklist the cracker. However, our Linux cluster is still vulnerable to the idlescan exploit from other attackers, and I believe our company has a false sense of security. OpenBSD is the only OS I know of which randomizes the IPID sequence therefore making it invulnerable to the idlescan, but we have neither the time nor urge to migrate to OpenBSD. How can one secure their Linux or NT TCP/IP stack from malicious idlescanning?"

1 of 37 comments (clear)

  1. two words and an acronym... by Anonymous Coward · · Score: 0, Troll

    Microsoft Windows XP