Summary
The Deep Security Reconnaissance Scan feature allows the detection of network port scanning to the remote host. It can detect possible attack in your system.
To simulate different types of Reconnaissance Scan and check how Deep Security can detect it, you can use freeware cross-platform tool such as Nmap (Network Mapper).
Details
You can refer to the Nmap website for the installation binaries for different platforms.
Below are the Nmap commands that can be used to simulate the Reconnaissance Scan.
| Type | Description | Nmap command | Example |
|---|---|---|---|
| Computer OS Fingerprint Probe | The Agents/Appliances will recognize and react to active TCP stack OS fingerprinting attempts | Nmap -v -O target_IP | - |
| Network or Port Scan | The Agents/Appliances will recognize and react to port scans. | Nmap -v -sS target_IP | Nmap -v -sS 192.168.x.x |
| Nmap -p port_range target_IP | Nmap -p 1-5000 192.168.x.x | ||
| TCP Null Scan | The Agents/Appliances will refuse packets with no flags set. | Nmap -v -sN target_IP | - |
| TCP SYNFIN Scan | The Agents/Appliances will refuse packets with only the SYN and FIN flags set. | Nmap -v —scanflags SYNFIN target_IP | - |
| TCP Xmas Scan | The Agents/Appliances will refuse packets with only the FIN, URG, and PSH flags set or a value of 0xFF (every possible flag set). | Nmap -v -sX target_IP | - |
For more information about the Reconnaissance Scan feature, refer to the Deep Security Help Center.
