Protecting Servers From Nmap's Idlescan?

Posted by Cliff on Monday October 21, 2002 @12:39PM from the obtaining-extra-security dept.

Istealmymusic asks: "Now that Nmap 3.00's idlescan technique is fully documented, thousands of vulnerable NT and Linux hosts on the Internet are being exploited to perform stealthy port-scanning. My employer's Linux cluster was a victim of these attacks; apparently he has been used to perform hundreds of port scans on DDN machines. Needless to say we where contacted by the sysadmin and forced to blacklist the cracker. However, our Linux cluster is still vulnerable to the idlescan exploit from other attackers, and I believe our company has a false sense of security. OpenBSD is the only OS I know of which randomizes the IPID sequence therefore making it invulnerable to the idlescan, but we have neither the time nor urge to migrate to OpenBSD. How can one secure their Linux or NT TCP/IP stack from malicious idlescanning?"

2 of 37 comments (clear)

Min score:

Reason:

Sort:

two words and an acronym... by Anonymous Coward · 2002-10-21 12:43 · Score: 0, Troll

Microsoft Windows XP
who cares if you are scanned? by Anonymous Coward · 2002-10-21 13:05 · Score: -1, Troll

it doesnt matter when you're running linux. and since linux is open source preventing scanning is like using windows 2000.

if you want a sense of security, secure your software before you worry about scans. preventing idle scans is not going to secure your network, although it helps.

just install linux, thats all i can say.