Nmap Announce mailing list archives
Re: NMAP guide
From: Lamont Granquist <lamontg () raven genome washington edu>
Date: Tue, 6 Apr 1999 10:50:00 -0700
On Tue, 6 Apr 1999, Fyodor wrote:
> The page also argues that nmap decoy scans are detectable when used with -sS because nmap doesn't spoof RST packets from the decoys in response to the SYN|ACK packets received from open ports of the target host. People are urged to check out the page and see if they can spot the problem with the paper on their own. If you are having trouble, here is a hint: He broke one of the cardinal rules of decoy scanning. If you still aren't sure, carefully reread the -D section of the nmap man page:

Actually he changed the page to address this fact. It does bring up another issue, though, since I suggested in that write up that people spoof their IP to be a machine which isn't up. My guess is that you can get away with this for pinging and portscanning, but that you'll wind up SYN flooding the target on an -O scan. I suppose I should actually play around with spoofing -- I didn't before I wrote that because spoofing is busted on IRIX and I was getting tired of writing and just wanted to send it off.

--
Lamont Granquist lamontg () genome washington edu
Dept. of Molecular Biotechnology (206)616-5735 fax: (206)685-7344
Box 352145 / University of Washington / Seattle, WA 98195
PGP pubkey: finger lamontg () raven genome washington edu | pgp -fka
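
The detection side of the point discussed in this message, as an added example that is not part of the original post: a source that never answers the target's SYN|ACK (as a spoofed address of a host that is not up would) leaves half-open entries behind, while a live host resets them. The addresses, the packet tuples and the function names are constructed for illustration, and the sketch ignores timeouts and retransmissions.

```python
from collections import defaultdict

TARGET = "192.0.2.10"  # constructed target address (documentation range)

# Constructed capture: (src, dst, sport, dport, flags)
PACKETS = [
    ("198.51.100.7", TARGET, 40001, 22, "S"),
    (TARGET, "198.51.100.7", 22, 40001, "SA"),
    ("198.51.100.7", TARGET, 40001, 22, "R"),    # live host resets the half-open
    ("203.0.113.50", TARGET, 40001, 22, "S"),
    (TARGET, "203.0.113.50", 22, 40001, "SA"),   # never answered
    ("203.0.113.50", TARGET, 40001, 80, "S"),
    (TARGET, "203.0.113.50", 80, 40001, "SA"),   # never answered
    ("198.51.100.7", TARGET, 40001, 80, "S"),
    (TARGET, "198.51.100.7", 80, 40001, "SA"),
    ("198.51.100.7", TARGET, 40001, 80, "R"),
    ("203.0.113.50", TARGET, 40001, 23, "S"),
    (TARGET, "203.0.113.50", 23, 40001, "RA"),   # closed port, no state kept
]

def unanswered_synacks(packets, target):
    """Return {source: [open ports whose SYN|ACK was never answered]}."""
    state = {}  # (src, sport, dport) -> "syn" | "synack" | "answered"
    for src, dst, sport, dport, flags in packets:
        if dst == target and flags == "S":
            state[(src, sport, dport)] = "syn"
        elif src == target and flags == "SA":
            key = (dst, dport, sport)
            if state.get(key) == "syn":
                state[key] = "synack"
        elif dst == target and flags in ("R", "RA", "A"):
            key = (src, sport, dport)
            if state.get(key) == "synack":
                state[key] = "answered"
    pending = defaultdict(list)
    for (src, _sport, dport), st in state.items():
        if st == "synack":
            pending[src].append(dport)
    return {src: sorted(ports) for src, ports in pending.items()}

def suspected_spoofed(packets, target, min_ports=2):
    """Sources leaving at least min_ports half-open entries on the target."""
    return sorted(s for s, p in unanswered_synacks(packets, target).items()
                  if len(p) >= min_ports)

if __name__ == "__main__":
    print(unanswered_synacks(PACKETS, TARGET))
    print(suspected_spoofed(PACKETS, TARGET))
```

Each pending entry is a connection the target keeps waiting on until it times out, which is the SYN-flooding side effect guessed at above.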