Page 11 - CPTE_Prep_Guide_Sample
SolarWinds Port Scanner – looks nice but can be very noisy. Better suited for administrators.
Hping3 – can perform firewall testing, advanced port scanning, network testing using different protocols, TOS, fragmentation, manual path MTU discovery, advanced traceroute under all the supported protocols, remote operating system fingerprinting, remote uptime guessing, and TCP/IP stack auditing.
Passive Operating System Fingerprinting Utility – a great tool for analyzing a website or application when you cannot scan it directly.
Section 4 – Countermeasures [47]
Countermeasures: Scanning
• Disable all ICMP both inbound and outbound at the firewall
• Configure the firewall to drop all invalid packets and anomalies
• Enable application-layer monitoring of data at the firewall or IDS
• Use an intrusion detection system to detect port scans and then terminate that connection
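The last countermeasure, sketched as the sliding-window check an IDS can apply to connection logs. This is an added example, not code from the workbook; the log format, thresholds and addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_S = 10   # sliding window in seconds (assumed tuning value)
MAX_PORTS = 8   # distinct ports one source may touch per window (assumed)

def parse(line):
    """Parse '<epoch> <src_ip> <dst_ip> <dst_port>' (hypothetical log format)."""
    ts, src, dst, dport = line.split()
    return int(ts), src, dst, int(dport)

def detect_scans(lines, window=WINDOW_S, max_ports=MAX_PORTS):
    """Return {(src, dst): epoch of first alert} for every source that touches
    more than max_ports distinct ports on one host within window seconds."""
    recent = defaultdict(deque)   # (src, dst) -> (ts, dport) events in window
    alerts = {}
    for ts, src, dst, dport in sorted(map(parse, lines)):
        events = recent[(src, dst)]
        events.append((ts, dport))
        while events[0][0] <= ts - window:   # expire events outside the window
            events.popleft()
        if (src, dst) not in alerts and len({p for _, p in events}) > max_ports:
            alerts[(src, dst)] = ts          # a real IDS/IPS would block here
    return alerts

# Constructed sample traffic using documentation address ranges.
BASE = 1700000000
SAMPLE = (
    # One source sweeping 12 consecutive ports in 6 seconds.
    [f"{BASE + i // 2} 198.51.100.7 192.0.2.10 {20 + i}" for i in range(12)]
    # Busy legitimate client: 30 connections, all to port 443.
    + [f"{BASE + i} 203.0.113.5 192.0.2.10 443" for i in range(30)]
    # Monitoring agent: 12 different ports, but only one per minute.
    + [f"{BASE + 60 * i} 203.0.113.9 192.0.2.10 {8000 + i}" for i in range(12)]
)

if __name__ == "__main__":
    for (src, dst), ts in detect_scans(SAMPLE).items():
        print(f"port scan: {src} -> {dst} first flagged at {ts}")
```

Counting distinct ports rather than raw connections keeps the busy port-443 client from being flagged.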
[47] Certified Penetration Testing Engineer Workbook v5 Volume 1, Mile2, 206-208.