Miller Harrison was still working his way down his attack protocol.

Nmap started out as it usually did: giving the program identification and version number.

Then it started reporting back on the first host in the SLS network. It reported all of the

open ports on this server. Then the program moved on to a second host and began reporting

back the open ports on that system, too. Once it reached the third host, however, it suddenly

stopped.

Miller restarted Nmap, using the last host IP as the starting point for the next scan. No

response. He opened up another command window and tried to ping the first host he had just

port-scanned. No luck. He tried to ping the SLS firewall. Nothing. He happened to know the

IP address for the SLS edge router. He pinged that and got the same result. He had been

blackholed—meaning his IP address had been put on a list of addresses from which the SLS

edge router would no longer accept packets. This was, ironically, his own doing. The IDPS

he had been helping SLS configure seemed to be working just fine at the moment. His attempt

to hack the SLS network was shut down cold.