Running through a few very basics tests to prove Zone Protection etc with a customer, what is the expected default behaviour for reconaissance scans such as Null, FIN and XMAS scans?
Currently I can get the following nmap commands to run without issue and no logs beyond ping or icmp.
What would be the appropriate measure to block/alert these? assuming there is a cryptic box top tick under the ZPP dialogs
Solved! Go to Solution.
Confirming that a packet capture on the "victim" machine shows no packets with TCP flags for ACK, FIN or PSH set when performing Christmas Tree. Packet capture on Firewall at stage "Receive" shows that the packets are indeed received by the firewall.
nmap command used:
nmap -sX -v [host]
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!