NMap Null Scan

Forum Moderators: phranque

Message Too Old, No Replies

NMap Null Scan

from web sites I visited

Hobbs

11:39 am on Apr 5, 2008 (gmt 0)

My NAV sometimes reports the NMap Null Scan from web sites I've visited sometimes hours later, from what I've read this is an open port/services scan, but what does that on a website you've visited, and why many minutes later after the visit?

incrediBILL

5:15 pm on Apr 5, 2008 (gmt 0)

NMAP is used to evaluate the security of computers, and to discover services or servers on a computer network. It is used by both ethical and malicious hackers but I'd stay away from those sites even if NAV blocked it.

BTW, are you using a hardware firewall or are you plugged directly into the internet modem?

I suspect you don't have a hardware firewall router as I've never been port scanned behind my router that I can remember.

Hobbs

5:51 pm on Apr 5, 2008 (gmt 0)

Exactly!
I'm on a virtual IP in a lan behind a Router.
In addition to NAV, I also have ZoneAlarm on my machine.
This is not one off site, this is the 6th or 7th site this week alone!

What are those sites infected with?
The most interesting part to me was the big time lapse between visiting the site and its doing the scan.

Hobbs

2:36 pm on Apr 13, 2008 (gmt 0)

here's a good one:
For the second time I'm alerted by NAV that it blocked an NMap Null Scan "intrusion attempt" by .. <drum roll>
www.google-analytics.com (72.14.207.99)

I'd stay away from those sites

almost impossible nowadays Bill

NMap Null Scan

from web sites I visited

Hobbs

incrediBILL

Hobbs

Hobbs

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week