
Re: Pen-Test PF rule-set

On Thursday 03 April 2003 08:37, Ron Rosson wrote:
> I have recently found out that my current pf ruleset I am using while
> conducting penetration testing interferes with nmap scans and a few other
> things. Has anyone got a proven ruleset that has not
> gotten in the way of their nmap scans and such?
"nmap -O" uses strange packets to discover the OS.
These packets are:
1) blocked by your scrub rules
2) blocked by PF because they contain IP options
To better understand how it works, try to use ethereal (or tcpdump) to
sniff a local nmap scan. You'll see all those packets.
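
Added example (not part of the original message, and not pf's code): a small Python model of the two drop reasons named in the reply, run over constructed packets so you know what to look for in a capture. The flag rules are a simplified assumption about what a scrub-style normalizer rejects; the addresses, ports and sample packets are made up.

```python
import struct

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20  # TCP flag bits

def build_packet(flags, ip_options=b""):
    """Build a constructed IPv4+TCP packet (checksums left 0; never sent)."""
    ihl = 5 + len(ip_options) // 4          # header length in 32-bit words
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, flags, 1024, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + len(tcp),
                     1, 0, 64, 6, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + ip_options + tcp

def illegal_flags(flags):
    """Simplified model (assumption) of flag combinations a normalizer rejects."""
    if flags & SYN and flags & (RST | FIN):
        return True                          # SYN combined with RST or FIN
    if not flags & SYN and not flags & (ACK | RST):
        return True                          # non-SYN segment without ACK or RST
    # FIN, PSH and URG only make sense on a segment that also carries ACK
    return bool(not flags & ACK and flags & (FIN | PSH | URG))

def why_dropped(packet):
    """Return the reasons (possibly none) this packet would be dropped."""
    reasons = []
    ihl = packet[0] & 0x0F
    if ihl > 5:                              # anything past 20 bytes is IP options
        reasons.append("ip-options")
    if packet[9] == 6:                       # protocol 6 = TCP
        flags = packet[ihl * 4 + 13] & 0x3F
        if illegal_flags(flags):
            reasons.append("illegal-tcp-flags")
    return reasons

SAMPLES = {  # constructed sample packets, not captured traffic
    "plain SYN": build_packet(SYN),
    "no flags": build_packet(0),
    "SYN+FIN+PSH+URG": build_packet(SYN | FIN | PSH | URG),
    "FIN+PSH+URG": build_packet(FIN | PSH | URG),
    "SYN with IP options": build_packet(SYN, b"\x01\x01\x01\x00"),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:22} -> {why_dropped(pkt) or 'passes'}")
```

In pf.conf, packets carrying IP options are accepted only by pass rules that specify `allow-opts`.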