Nmap Announce mailing list archives
Re: randomization of sequence numbers in nmap 2.03
From: ajax <ajax () mobis com>
Date: Wed, 3 Feb 1999 23:42:13 -0600 (EST)
Hi,

Something I've been thinking about is adding the ability for nmap to take its list of hosts that it's scanning for and randomize all hosts, scanning for ports on one host at a time. This has several benefits, clearest of which is that it doesn't appear like one is hammering one network for any length of time. Many times, multiple machines log syslogd to one box.

Also, the changes I wrote to nmap previously, the vulnerability scanning functions, are mostly complete; I've gotten it down to where it can scan one host correctly with no problems. However, attempts to do multiple IPs for some reason cause it to segfault. I'm still ironing it out, and if some people would like to work with me on it, it would be greatly appreciated. Check out the diffs for 2.01 on www.mobis.com/ajax/code/nmap

ajax

On Wed, 3 Feb 1999, HD Moore wrote:
> An easy way to detect an nmap 2.03 syn scan is by looking through traffic for multiple packets with the same sequence number. A tcpdump output parsing script I wrote will dig all the SYNs out of a traffic dump, hash them and compare by sequence number to find sets where the number of packets with the same sequence number is over a threshold. The quick-fix for nmap.c is attached, if anyone wants the script drop me a note.
>
> -HD
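
The detection described in the quoted message, sketched in Python as an added example (it is not the script mentioned in the post, which does not appear on this page). It assumes modern `tcpdump -n` text output and, as a refinement not stated in the post, counts distinct destination endpoints per source and sequence number so that ordinary SYN retransmissions are not flagged; the function name, threshold and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Bare SYN only: "Flags [S]" matches, SYN-ACK "Flags [S.]" does not.
# Assumed input format: text output of `tcpdump -n` (modern layout).
SYN_RE = re.compile(
    r"IP6? (?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): "
    r"Flags \[S\], seq (?P<seq>\d+)"
)


def find_reused_syn_seqs(lines, threshold=3):
    """Return {(src, seq): sorted [(dst, dport), ...]} for every source that
    sent SYNs carrying one sequence number to at least `threshold` distinct
    destination endpoints. A retransmitted SYN repeats the same endpoint, so
    it adds nothing to the count."""
    targets = defaultdict(set)
    for line in lines:
        m = SYN_RE.search(line)
        if m is None:
            continue  # not a bare SYN, or not a TCP line at all
        key = (m["src"], int(m["seq"]))
        targets[key].add((m["dst"], int(m["dport"])))
    return {k: sorted(v) for k, v in targets.items() if len(v) >= threshold}


# Constructed sample capture (documentation address ranges, made-up values).
SAMPLE = """\
10:15:01.100001 IP 198.51.100.7.49724 > 192.0.2.10.21: Flags [S], seq 3305161024, win 1024, length 0
10:15:01.100204 IP 198.51.100.7.49724 > 192.0.2.10.22: Flags [S], seq 3305161024, win 1024, length 0
10:15:01.100391 IP 198.51.100.7.49724 > 192.0.2.10.25: Flags [S], seq 3305161024, win 1024, length 0
10:15:01.100555 IP 198.51.100.7.49724 > 192.0.2.10.80: Flags [S], seq 3305161024, win 1024, length 0
10:15:01.101000 IP 192.0.2.10.22 > 198.51.100.7.49724: Flags [S.], seq 77110001, ack 3305161025, win 65535, length 0
10:15:02.000000 IP 203.0.113.20.51544 > 192.0.2.10.80: Flags [S], seq 918273645, win 64240, length 0
10:15:02.500000 IP 203.0.113.20.51546 > 192.0.2.10.443: Flags [S], seq 2718281828, win 64240, length 0
10:15:03.000000 IP 203.0.113.20.51544 > 192.0.2.10.80: Flags [S], seq 918273645, win 64240, length 0
""".splitlines()

if __name__ == "__main__":
    for (src, seq), hit in find_reused_syn_seqs(SAMPLE).items():
        ports = ", ".join(f"{dst}:{port}" for dst, port in hit)
        print(f"{src} reused SYN seq {seq} against {len(hit)} endpoints: {ports}")
```

In practice the threshold is tuned against the capture window: a wider window needs a higher value to keep coincidental sequence number collisions from unrelated connections out of the results.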