List the scripts:
tree /usr/share/nmap/scripts/
→ http://10.129.185.97/status.php
Blocked for 3 minutes when detected
Ping / Refresh web → Alert
sudo nmap -T1 $HOST -vv --disable-arp-ping --top-ports 1000 -f -Pn -sA -D RND:5 --packet-trace --source-port 21 --data-length 100
Response from 10.129.185.97:5900
10.129.185.97:8888
But reset
RCVD (30.5878s) TCP 10.129.103.158:587 > 10.10.16.21:21 R ttl=63 id=0 iplen=40 seq=3896143140 win=0
RCVD (45.5880s) TCP 10.129.103.158:8080 > 10.10.16.21:21 R ttl=63 id=0 iplen=40 seq=3896143140 win=0
RCVD (60.6023s) TCP 10.129.103.158:445 > 10.10.16.21:21 R ttl=63 id=0 iplen=40 seq=3896143140 win=0
RCVD (90.6255s) TCP 10.129.103.158:993 > 10.10.16.21:21 R ttl=63 id=0 iplen=40 seq=3896143140 win=0
RCVD (135.6315s) TCP 10.129.103.158:5900 > 10.10.16.21:21 R ttl=63 id=0 iplen=40 seq=3896143140 win=0
RCVD (150.6475s) TCP 10.129.103.158:135 > 10.10.16.21:21 R ttl=63 id=0 iplen=40 seq=3896143140 win=0
RCVD (165.6621s) TCP 10.129.103.158:143 > 10.10.16.21:21 R ttl=63 id=0 iplen=40 seq=3896470817 win=0
5900,587,8080,445,993,135,143,443
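Added example (not part of the original notes): a small Python parser for the --packet-trace lines above that lists the target ports which answered the -sA probes with RST. The first three RCVD lines in the sample are copied from the trace; the SENT line and the reply from 10.129.0.1 are constructed, and the function names are hypothetical.

```python
import re

# First three RCVD lines are copied from the trace above; the SENT line and
# the reply from 10.129.0.1 are constructed to exercise the filters.
SAMPLE_TRACE = """\
SENT (30.5701s) TCP 10.10.16.21:21 > 10.129.103.158:587 A ttl=52 id=4242 iplen=140 seq=0 win=1024
RCVD (30.5878s) TCP 10.129.103.158:587 > 10.10.16.21:21 R ttl=63 id=0 iplen=40 seq=3896143140 win=0
RCVD (45.5880s) TCP 10.129.103.158:8080 > 10.10.16.21:21 R ttl=63 id=0 iplen=40 seq=3896143140 win=0
RCVD (60.6023s) TCP 10.129.103.158:445 > 10.10.16.21:21 R ttl=63 id=0 iplen=40 seq=3896143140 win=0
RCVD (61.0000s) TCP 10.129.0.1:80 > 10.10.16.21:21 R ttl=63 id=0 iplen=40 seq=1 win=0
"""

LINE_RE = re.compile(
    r"^(?P<dir>SENT|RCVD) \((?P<t>[\d.]+)s\) TCP "
    r"(?P<src>[\d.]+):(?P<sport>\d+) > (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<flags>[A-Z]+)\b(?P<rest>.*)$"
)

def parse_line(line):
    """Return a dict for one TCP trace line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    pkt = m.groupdict()
    pkt["t"] = float(pkt["t"])
    pkt["sport"], pkt["dport"] = int(pkt["sport"]), int(pkt["dport"])
    # Trailing key=value fields (ttl, id, iplen, seq, win) stay as strings.
    pkt.update(kv.split("=", 1) for kv in pkt.pop("rest").split() if "=" in kv)
    return pkt

def rst_ports(trace, target):
    """Ports on `target` that replied with RST, in order of first reply.

    In an ACK scan (-sA) a RST reply means the probe reached the host,
    i.e. the port is unfiltered; it does not say whether it is open.
    """
    ports = []
    for line in trace.splitlines():
        pkt = parse_line(line)
        if (pkt and pkt["dir"] == "RCVD" and pkt["src"] == target
                and "R" in pkt["flags"] and pkt["sport"] not in ports):
            ports.append(pkt["sport"])
    return ports

if __name__ == "__main__":
    print(",".join(map(str, rst_ports(SAMPLE_TRACE, "10.129.103.158"))))
```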
Given in IDS/IPS Evasion article: