Intrusion Detection Level Analysis of Nmap and Queso

The purpose of this paper is to help Intrusion detection analysts and firewall administrators identify NMAP & QUESO scans. This paper will provide bit level analysis in detecting NMAP and QUESO scans. This type of analysis is vital for individuals who are performing firewall administration and need to understand more details relating to these scanners and the scans they perform.

A port scanner is a tool used by both system administrators and attacker(s) to identify vulnerabilities in operating systems. Port scanners identify vulnerabilities by sending normal and abnormal packets to computer ports and waiting for a response to determine what port(s) are 'open'. From this data, a system administrator, or an attacker, can determine what holes need to be patched or what holes can be exploited.

There are several different types of port scanners. There are free port scanners such as NMAP and QUESO. Free port scanners allow for a lot of flexibility in scanning for vulnerabilities. There are commercial scanners available to use if you or your company requires a licensed product. A comparison of commercial scanners vs. free scanners is beyond the scope of this paper.