I am given a scenario of how a intruder exposed the open ports and entered the computer, but i am just a bit lost on how he did that, in the description, we are told he is using Nmap. I am not to familiar with Nmap, so wondering if anyone could help. As well how could i defend agaist this next time. This is the Sceneario "Professional penetration tests follow a set methodology, which is developed be*fore the actual operation commences. Most of these methodologies break down into a technique/tool pairing. Dave’s personal methodology was an amalgam of those from previous employers and techniques picked up from trial-and-error practices attempted at client locations. For the most part, his tools were constructed from scratch using open-source tools such as libpcap, libnet, libdnet, and libnids. Some of the tools he used were just not worth building on his own, namely traceroute, nmap, and the standard exploits. Since Jerald was neither a paying customer nor an experienced administrator, Dave decided to scrap his network topology discovery process and skip right to the host application discovery phase. This basically involved scanning a host to find what TCP and UDP services are bound to sockets and accepting connec*tions, and determining the version of each operating application. Additionally, it is important to determine the operating system, the kernel version number, and the processor architecture of the target system. Most of this can be done through the nmap tool."
nmap is a port scanner, it supports many diffrent ways of scanning the most popular way is the syn-scan which is pretty much a three way hand shake with out the third. So saying you are syn scanning a server with nmap u will go to the server on port 80 saying knock knock then you see if someone answers and you run away, sort of like ding dong ditch. Most firewalls detect these since they are the most popular attack. But like I said there are other scans Nmap does.
To defend those kind of attacks you can use Honeybot or a similar tool that notifies you when a intruder scans the ports of your computers and from what IP he did that. A port scan will alert me immediately so that I can keep an eye out for active connections using netstat or mmc.
