Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Nmap commands to check Reconnaissance Scan feature in Deep Security

    • Updated:
    • 10 Sep 2015
    • Product/Version:
    • Deep Security 9.0
    • Deep Security 9.5
    • Deep Security 9.6
    • Platform:
    • CentOS 5.4 32-bit
    • CentOS 5.4 64-bit
    • CentOS 5.5 32-bit
    • CentOS 5.5 64-bit
    • CentOS 5.6 32-bit
    • CentOS 5.6 64-bit
    • CentOS 5.7 32-bit
    • CentOS 5.7 64-bit
    • CentOS 5.8 32-bit
    • CentOS 5.8 64-bit
    • CentOS 6 32-bit
    • CentOS 6 64-bit
    • CentOS 6.1 32-bit
    • CentOS 6.1 64-bit
    • CentOS 6.2 32-bit
    • CentOS 6.2 64-bit
    • Linux - Red Hat RHEL 4 32-bit
    • Linux - Red Hat RHEL 4 64-bit
    • Linux - Red Hat RHEL 5 32-bit
    • Linux - Red Hat RHEL 5 64-bit
    • Linux - Red Hat RHEL 6 32-bit
    • Linux - Red Hat RHEL 6 64-bit
    • Linux - SuSE 10
    • Linux - SuSE 10 64-bit
    • Linux - SuSE 11
    • Linux - SuSE 11 64-bit
    • Oracle Linux 5 32-bit
    • Oracle Linux 5 64-bit
    • Oracle Linux 6 32-bit
    • Oracle Linux 6 64-bit
    • Oracle Solaris 11 SPARC
    • Oracle Solaris 11 x86
    • Ubuntu 10.04 64-bit
    • Ubuntu 12.04 64-bit
    • Unix - Solaris (Sun) version 10 (SunOS 5.10)
    • Unix - Solaris (Sun) version 9 (SunOS 5.9)
    • Windows 2003 Enterprise
    • Windows 2003 Enterprise 64-bit
    • Windows 2003 Server R2
    • Windows 2003 Small Business Server
    • Windows 2003 Small Business Server R2
    • Windows 2003 Standard
    • Windows 2003 Standard 64-bit
    • Windows 2008 Datacenter 64-bit
    • Windows 2008 Enterprise
    • Windows 2008 Enterprise 64-bit
    • Windows 2008 Essential Business Server
    • Windows 2008 Server Core
    • Windows 2008 Server Foundation
    • Windows 2008 Server R2
    • Windows 2008 Server R2 Datacenter
    • Windows 2008 Server R2 Enterprise
    • Windows 2008 Server R2 with Hyper-V(TM)
    • Windows 2008 Small Business Server
    • Windows 2008 Standard
    • Windows 2008 Standard 64-bit
    • Windows 2012 Datacenter R2
    • Windows 2012 Enterprise
    • Windows 2012 Server Essential R2
    • Windows 2012 Server Foundation R2
    • Windows 2012 Standard R2
    • Windows 7 32-bit
    • Windows 7 64-bit
    • Windows 8 32-bit
    • Windows 8 64-bit
    • Windows 8.1 32-bit
    • Windows 8.1 64-bit
    • Windows Vista 32-bit
    • Windows Vista 64-bit
    • Windows XP Professional
    • Windows XP Professional 64-bit
    • Windows XP SP2 32-bit
    • Windows XP SP3 32-bit
Summary

The Deep Security Reconnaissance Scan feature allows the detection of network port scanning to the remote host. It can detect possible attack in your system.

To simulate different types of Reconnaissance Scan and check how Deep Security can detect it, you can use freeware cross-platform tool such as Nmap (Network Mapper).

Details
Public

You can refer to the Nmap website for the installation binaries for different platforms.

Below are the Nmap commands that can be used to simulate the Reconnaissance Scan.

TypeDescriptionNmap command
Computer OS
Fingerprint Probe
The Agents/Appliances will recognize and react to active TCP stack OS fingerprinting attemptsNmap -v -O target_IP
Network or Port ScanThe Agents/Appliances will recognize and react to port scans.Nmap -v -sS target_IP
TCP Null ScanThe Agents/Appliances will refuse packets with no flags set.Nmap -v -sN target_IP
TCP SYNFIN ScanThe Agents/Appliances will refuse packets with only the SYN and FIN flags set.Nmap -v —scanflags SYNFIN target_IP
TCP Xmas ScanThe Agents/Appliances will refuse packets with only the FIN, URG, and PSH flags set or a value of 0xFF (every possible flag set).Nmap -v -sX target_IP

For more information about the Reconnaissance Scan feature, refer to the Deep Security 9.0 Administrator Guide.

Premium
Internal
Rating:
Category:
Configure; Troubleshoot
Solution Id:
1104677
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.