1、 Xprobe2 Unsuccessful 00 xprobe2 -c /usr/local/etc/xprobe2.conf 3 XProbe2 v.0.1 Copyright (c 2002 fygraveW, ofirwsys- ± Target is 3 ± Loading modules. ± Following modules are loaded: xICMP echo (ping xTTL distance xICMP echo xICMP Timestamp xICMP Address xICMP Info

2、 Request xICMP port unreach ± 7 modules registered ± Initializing scan engine ± Running scan engine ± Host: 83 is down (Guess probability: 00 o ± Cleaning up scan engine ± Modules deinitialized ± Execution completed. Iptables Rulesets for Nmap 1 Stop n

3、map XMAS scans -A -m INPUT -p tcp tcp -tcp-flags FIN,SYN,RST,PSH,ACK,URG -j DROP 2 Stop nmap NULL scans -A -m INPUT -p tcp tcp -tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP 3 Stop nmap TCP connect( and SYN scans -A INPUT -p tcp -m tcp -tcp-flags FIN,SYN FIN,SYN -j DROP 4 Stop nmap FIN scans -A INP

4、UT -p tcp -m tcp -tcp-flags FIN,ACK FIN -j DROP 5 And add for good measure -A INPUT -p tcp -m tcp -tcp-flags PSH,ACK PSH -j DROP -A INPUT -p tpc -m tcp -tcp-flags URG,ACK URG -j DROP Nmap Unsuccessful %Ops=MNNTNW T2(Resp=N T3(Resp=N T4(Resp=N T5(Resp=Y% oDF=Y% oW=00OACK=S+±%oFlags=AR0%oOp s= T6

5、(Resp=N T7(Resp=N PU(Resp=N Nmap run completed - 1 IP address (1 host up scanned in 63 seconds No exact OS matches for host (If you know what OS is running on it, see /cgi-bin/nmap-submit.cgi. TCP/IP fingerprint: SInfu(V=3.00 oP= i686-pc-linuxgnu%oD=1/12%oTime=3E21E095%O=22%C=8

6、0 TSeq(Class=RI0ogcd= 1%SI=33F6EB0%IPID=Z%TS= 100 HZ TSeq(Class=RI0ogcd= 1%SI=33F70A%IPID=Z%TS= 100 HZ TSeq(Class=Rl%ogcd= 1%SI=33F6E10%IPID=Z%TS= 100 HZ T1(Resp=Y% oDF=Y%oW= 16A0 OACK=S+±%oFlags=AS nmap -P0 -pl-100 -sS 3 Starting nmap V. 3.00 ( /nmap/ sendto in send_t

7、cp_raw: sendto(3, packet, 60, 0, 83, 16 => Operation not permitted (The 97 ports scanned but not shown below are in state: -O Port State Service 22/tcp open ssh 25/tcp open smtp 80/tcp closed http filtered possible. References 0., IArkin, X-Probe, 2Comer, D and Lin, J. (1994, Probing

8、 TCP implementations /homes/probe.tcp.html Stack TCP/IP 3 Defeating Fingerprinting /events/sec2000/smart.html 4Franck Veysset, Olivier Courtay, Olivier Heen, "New Tool and Technique for Remote Operating System Fingerprinting" (Response timing calculation

9、 based fingerprinting, April 2002 5Fyodor. Remote OS detection via TCP/IP stack fingerprinting. /nmap/map-fingerprintingarticle.html, October1998. 6Postel, J. (Sep, 1981, RFC 793Transmission Control Protocol 7 Xprobe's Homepage Hence we see that the ba

10、sically targeted protocols for fingerprinting are TCP, UDP and ICMP. The parameters of offset of the packets being send and revived are vendor (OS specific and the similarity and difference between these parameters help the tools to identify our operating system easily The basic need is to stop unknown packets from unknown source that are targeted to scan our system -that is to stop the SCAN. The next step is putting in and changing the