Monitoring on NMAP scans

Unfortunately, many of the open source tools mentioned do not focus on specific analysis of Nmap data packets. Nmap is the most popular open source network scanner available, and therefore we have focused on bringing 'Yin-Yang' balance to the side of security. OSSEC is an excellent tool which will log port-scanning attempts, for example:

Nov 14 18:09:08 TCP: domain connection attempt from 10.10.150.1:51239
Nov 14 18:09:08 TCP: https connection attempt from 10.10.150.1:51240
Nov 14 18:09:08 TCP: port 1723 connection attempt from 10.10.150.1:51241
Nov 14 18:09:08 TCP: ftp connection attempt from 10.10.150.1:51242
Nov 14 18:09:08 TCP: smtp connection attempt from 10.10.150.1:51243

But these logs do not, per se, identify when a machine is attempting attacks using Nmap, nor what responses the Nmap tool eventually obtained from the network.
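As an added illustration (not part of the original text or of the Nmapalyzer project), the following Python heuristic parses OSSEC-style connection-attempt lines like those above and flags any source address that touches several distinct destination ports or services within a few seconds, which is the burst pattern a port scan leaves behind. The sample log is constructed from the five quoted lines plus two benign single connections, and the thresholds (5 ports in 10 seconds) are assumed, not taken from OSSEC or Nmapalyzer.

```python
import re
from collections import defaultdict
from datetime import datetime

# Matches OSSEC-style lines: the service is either a name (https, ftp)
# or "port NNNN" when no well-known name exists for the destination port.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) TCP: "
    r"(?:port (?P<port>\d+)|(?P<svc>\S+)) connection attempt from "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)$"
)

# Constructed sample: the five quoted lines plus two unrelated single connections.
SAMPLE_LOG = """\
Nov 14 18:09:08 TCP: domain connection attempt from 10.10.150.1:51239
Nov 14 18:09:08 TCP: https connection attempt from 10.10.150.1:51240
Nov 14 18:09:08 TCP: port 1723 connection attempt from 10.10.150.1:51241
Nov 14 18:09:08 TCP: ftp connection attempt from 10.10.150.1:51242
Nov 14 18:09:08 TCP: smtp connection attempt from 10.10.150.1:51243
Nov 14 18:09:40 TCP: https connection attempt from 10.10.150.7:40112
Nov 14 18:12:01 TCP: ssh connection attempt from 10.10.150.9:51000
"""

def parse_line(line):
    """Return (timestamp, source_ip, target, source_port) or None if unparseable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Syslog timestamps carry no year; a fixed year is assumed so events can be ordered.
    ts = datetime.strptime("2000 " + m.group("ts"), "%Y %b %d %H:%M:%S")
    target = m.group("port") or m.group("svc")
    return ts, m.group("src"), target, int(m.group("sport"))

def find_scanners(log_text, min_ports=5, window_seconds=10):
    """Map each source IP that hits >= min_ports distinct targets within any
    window_seconds-long sliding window to the sorted list of targets it probed."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            ts, src, target, _ = parsed
            events[src].append((ts, target))
    scanners = {}
    for src, evs in events.items():
        evs.sort()
        for i, (start, _) in enumerate(evs):
            window = {t for ts, t in evs[i:] if (ts - start).total_seconds() <= window_seconds}
            if len(window) >= min_ports:
                scanners[src] = sorted(window)
                break
    return scanners
```

Run against SAMPLE_LOG, only 10.10.150.1 is reported; the two single connections stay below the threshold.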

Another tool with this capability is the PSAD intrusion detection system, which works on Linux; however, it depends on iptables and only works for this operating system.

Firewalls/IDS dependency

Firewalls do have a technology called 'Deep Packet Inspection' which helps fingerprint and reject unwanted network traffic coming from tools like Nmap, but in most cases a system administrator depends on proper configuration settings and the firewall's own logging mechanisms to identify scans done by Nmap. Last but not least, we have a dependency on relatively expensive tools such as firewalls to help us with this task.

Yin-Yang Balance: Nmapalyzer

As hackers count on quite well developed, free open source tools to scan ports, there should be more tools to help counter, or at least identify, such scans and help system administrators protect their networks when blackhats are using the Nmap tool against them. Therefore the purpose of Nmapalyzer is to identify, alert on and log Nmap port scanning activities against a network, contributing to the security arsenal with effective tools against malicious port scanning.