Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Add option to give up on host after too many open ports (e.g. IPS) #1904
When scanning some IP addresses, after a certain number of ports are scanned, the device (or a device in between Nmap and the target) starts responding with SYN-ACK to every port.
This seems to be an IPS (Intrusion Prevention System), or similar active defence system, which responds in this way to slow down / tarpit port scans.
It works annoyingly well, as the scans slow down, and then service detection takes forever because there are so many "open" services.
Could we add an option to abandon a host after a certain threshold of "open" ports?
This is an interesting idea, and we actually got as far as a proof-of-concept patch back in 2014 by @jaybosamiya. The option was called