Target Enumeration and Port Scanning Techniques ◾ 113
This command would save the output into a grepable format, which is one host per line.
The following command will highlight all the ports that are open, which in this case is only port 80.
XML Format
The XML format is by far the most useful output format in nmap. The reason is that the XML output generated from nmap can be easily imported into the Dradis Framework and Armitage.
Example
nmap -sS 192.168.15.1 -oX scan.xml
The -oX option takes the name of the output file as its argument (scan.xml here).
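The grepable (-oG) and XML (-oX) outputs described above are meant to be read by programs, not people. The following added example (not code from the book, Dradis or Armitage) parses both formats and returns the open ports per host, which is the check a tester runs before feeding results into a reporting tool. Both scan outputs are constructed by hand to mimic nmap's layout for a host with only port 80 open; they are not real scan results, and the host 192.168.15.1 is the book's example address.

```python
"""Extract open ports from nmap's grepable (-oG) and XML (-oX) output.

Added example: the two samples below are constructed to look like nmap
output for a host with port 80 open; they are not real scan results.
"""
import re
import xml.etree.ElementTree as ET

# Constructed -oG sample: one host per line, tab-separated fields, and the
# "Ports:" field holding port/state/proto/owner/service/rpc/version entries.
GREPABLE_SAMPLE = (
    "# Nmap scan initiated as: nmap -sS -oG scan.gnmap 192.168.15.1\n"
    "Host: 192.168.15.1 ()\tStatus: Up\n"
    "Host: 192.168.15.1 ()\tPorts: 22/filtered/tcp//ssh///, "
    "80/open/tcp//http///, 443/closed/tcp//https///\tIgnored State: closed (997)\n"
    "# Nmap done\n"
)

# Constructed -oX sample for the same host (trimmed to the elements used here).
XML_SAMPLE = """<nmaprun scanner="nmap" args="nmap -sS -oX scan.xml 192.168.15.1">
  <host>
    <status state="up"/>
    <address addr="192.168.15.1" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="filtered"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="443"><state state="closed"/><service name="https"/></port>
    </ports>
  </host>
</nmaprun>
"""

# port/state/proto/<owner>/service/...  -> capture port, state, proto, service
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)/[^/]*/([^/]*)/")


def open_ports_from_grepable(text):
    """Return {host: [(port, proto, service), ...]} for ports in state 'open'."""
    result = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):      # skip "# Nmap ..." comment lines
            continue
        # Fields are tab-separated "Name: value" pairs.
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        host = fields["Host"].split()[0]      # drop the "(hostname)" part
        for port, state, proto, service in PORT_RE.findall(fields.get("Ports", "")):
            if state == "open":
                result.setdefault(host, []).append((int(port), proto, service))
    return result


def open_ports_from_xml(text):
    """Same result shape, read from the -oX tree; no regex guesswork needed."""
    result = {}
    root = ET.fromstring(text)
    for host in root.iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue
            svc = port.find("service")
            name = svc.get("name", "") if svc is not None else ""
            result.setdefault(addr, []).append(
                (int(port.get("portid")), port.get("protocol"), name))
    return result


if __name__ == "__main__":
    for label, found in (("grepable", open_ports_from_grepable(GREPABLE_SAMPLE)),
                         ("xml", open_ports_from_xml(XML_SAMPLE))):
        for host, ports in found.items():
            print(label, host, ports)      # both print 192.168.15.1 [(80, 'tcp', 'http')]
```

The XML parser walks a real tree and is unaffected by how nmap spaces or orders its fields, which is why tools such as Dradis and Armitage consume -oX rather than -oG; the grepable parser has to know the exact column order of the Ports field, which is fine for a quick one-liner but brittle once version detection adds text to those columns.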
Advanced Firewall/IDS Evading Techniques
The techniques that we have discussed here are very loud in nature and are often detected by firewalls and IDS. Even scan techniques such as XMAS, FIN, and NULL are not that accurate; also, they don't work on the Windows operating system, so they have a limited advantage over firewalls and IDS.
In this section, we will discuss some of the techniques that can be used to evade firewall detection. There is no universal method to do this; it's all based on trial and error. Thus, methods could work on some firewalls/IDS but fail with others. It all depends upon how strong the rule sets are.
The Nmap book discusses a wide variety of techniques that could be used to get past firewalls. We will now briefly look at some of them:
◾ Timing technique
◾ Fragmented packets