I discovered that some ports will show an open state after an all-port SYN scan or service scan, but then lock out after I attempt to connect to the port with netcat. But other times this port will not lock out, i.e. it stays open, and even accepts multiple SYN scans thereafter, i.e. shows an open state. I’m unable to find consistent behavior with the target. Perhaps this is a function of an effective IPS?
I’m assuming the port in question is refusing to respond to my scans because my IP is now blocked from communication; I found that using more than one scanning machine avoids this problem.
But what solution is there when an IPS blocks your entire network address? Proxychains? Using a remote server? What about when the remote server network address is blocked?
My overall questions are: when is it appropriate to use the all-port switch '-p-' when dealing with actively monitored IDS/IPSs and finding open ports?
How should an all-port scan be used (switches to use, timing settings) within the context of active IDS/IPSs and finding open ports?