Nmap Announce mailing list archives
Re: Detected NMAP scan
From: Chris Tobkin <tobkin () jaws umn edu>
Date: Wed, 6 Jan 1999 17:07:18 -0600 (CST)
Also everyone concerned about watching for scans in their logs should keep in mind how easy it is to spoof a scan "-e eth0 -S www.whitehouse.gov". Of course they aren't getting any information, but there are people out there who enjoy disinformation, or like to cause trouble. Also even if the ip scanning you is the correct one, odds are in this day that it's an 0wned linux machine, and the rightful admin has no clue it's occurring. They should be notified, but probably not accused.
Also, someone can use the above modification to the command and scan your network with spoofed addrs 20 or 30 times and then do it once from the actual host.. It'll get lost in the clutter.. It would be trivial to make a shell script to do this.. i.e. if your ip was 11.23.48.45 just have it iterate through faking [1..80].23.48.45 and when it gets to 11, do the actual scan.. if someone is logging the sys like my firewall does.. they'll probably just shrug it off because of the sheer number of different admins they'd have to email..

// chris tobkin () umn edu

*************************************************************************
Chris Tobkin tobkin () umn edu
Java and Web Services - Academic and Distributed Computing Services - UMN
Shep. Labs 190 Minneapolis, MN 55455
-----------------------------------------------------------------------
"Thanks to the printing press, the deviant smart people were able to distribute their genius without having to pass it on genetically. Evolution was short-circuited. We gained knowledge and technology without gaining intelligence." - Scott Adams
*************************************************************************
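From the log reader's side, the clutter described in this message can be collapsed into a single incident instead of dozens of separate reports. The sketch below is an added example, not part of the original post: it groups scan events whose sources differ only in the first octet and arrive in one burst. The log format, the `max_gap` and `min_sources` thresholds, and the sample lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed log format (hypothetical, not from the post): "<epoch> SCAN src=<ip> dport=<port>"
LINE = re.compile(r"^(\d+) SCAN src=(\d+)\.(\d+\.\d+\.\d+) dport=\d+$")

def constructed_log():
    """Constructed sample data: one burst of look-alike sources plus two unrelated hits."""
    lines = [f"{915664000 + 2 * i} SCAN src={i}.23.48.45 dport=23" for i in range(1, 81)]
    lines.append("915650000 SCAN src=192.0.2.10 dport=80")
    lines.append("915700000 SCAN src=198.51.100.7 dport=25")
    return lines

def cluster_scans(lines, max_gap=300, min_sources=10):
    """Return bursts in which many sources differ only in the first octet."""
    by_suffix = defaultdict(list)
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            ts, first, suffix = m.groups()
            by_suffix[suffix].append((int(ts), f"{first}.{suffix}"))
    clusters = []
    for suffix, events in by_suffix.items():
        events.sort()
        burst = [events[0]]
        # The trailing None flushes the last burst.
        for ev in events[1:] + [None]:
            if ev is not None and ev[0] - burst[-1][0] <= max_gap:
                burst.append(ev)
                continue
            sources = sorted({src for _, src in burst})
            if len(sources) >= min_sources:
                clusters.append({"suffix": suffix, "start": burst[0][0],
                                 "end": burst[-1][0], "sources": sources})
            burst = [ev] if ev is not None else []
    return clusters

if __name__ == "__main__":
    for c in cluster_scans(constructed_log()):
        print(f"one incident: {len(c['sources'])} claimed sources *.{c['suffix']} "
              f"within {c['end'] - c['start']}s; source addresses are unverified")
```

A cluster says only that the events belong together; it does not identify which claimed source, if any, is genuine, so every address in it stays unverified.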