nst_17
17
6.0 Conclusion
We have reviewed some scanning types combined with hard-to-detect or even non-
detectable scanning techniques.
Understanding the importance of detecting these scans can prevent, in some cases, an
intrusion to the systems that were scanned. The detection can be partly achieved by
implementing an Intrusion Detection system28. Tuning it right is another issue of major
importance. The second part is maintenance of the system, getting information on new and
wicked scanning types and techniques, understanding their signatures, and implementing
new filters to detect them.
The number of simple automated scans is constantly on the rise, and consequently the
number of attempts to get intelligence and eventually trying to hack into sites.
Tightening your security to the maximum can drive some attackers away.
Some attackers will take the challenge.
Identifying these probing attempts will give you an indication that an upcoming attack might
be on its way.
28
I recommand you check out Network Flight Recorder at http://www.nfr.net.