[Snort-users] Nmap Scanning with Snort Detection

Friday Akpan akpano at ...131...
Wed Jan 1 16:22:02 EST 2003


I am working with the Nmap network scanning tool and
also looking at using the Snort open source intrusion
detection system to detect these scanning activities.

I discovered that Nmap using the ICMP Ping Discovery
option seems not to scan the network with any of the
Nmap Scan types (SYN stealth, FIN stealth, Ping Sweep,
etc.) The output for most of the scan types is the
same, and a sample is attached to this email.

Also, the Snort intrusion detection system does not
detect scanning with Nmap using the ICMP Ping
Discovery method at all. Is this normal? Or, there is
something I need to do.

Please I will appreciate your contributions on this.

Thank you.

Best regards,


Starting nmap V. 3.00 ( www.insecure.org/nmap )
Note: Host seems down. If it is really up, but
blocking our ping 
probes, try -P0
Nmap run completed -- 1 IP address (0 hosts up)
scanned in 30 seconds

Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.

More information about the Snort-users mailing list