Network Anti-Reconnaissance: Messing with Nmap Through Smoke and Mirrors presented at DEF CON 20

by Dan (altf4) Petro

Tags: Security

Summary: Reconnaissance on a network has been an attacker's game for far too long. Where's the defense? Nmap routinely evades firewalls, traverses NATs, bypasses signature-based NIDS, and gathers up the details of your highly vulnerable box serving Top Secret documents. Why make it so easy?

In this talk, we will explore how to prevent network reconnaissance by using honeyd to flood your network with low-fidelity honeypots. We then discuss how this lets us constrain the problem of detecting reconnaissance such that a machine learning algorithm can be effectively applied. (No signatures!) We will also discuss some important additions to honeyd that we had to make along the way, and perform a live demonstration of our free software tool for doing all of the above: Nova.