Nmap Announce mailing list archives

Re: nmap's "-S" option and linux SAV

From: Michel Arboi <arboi () bigfoot com>
Date: 16 Jul 2000 11:21:04 +0200

tech_related () ip pt writes:

Does the kernel's SAV always prove incapable of blocking nmap's
scans using spoofed packets? Or am I missing something?


I am afraid you are missing something. There is nothing magic about
SAV in the TCP/IP stack, because faked packets just look like "genuine"
packets. There is only one way to identify them:
e.g., if you receive on your external interface, packets that
"originate" from your internal network.

-- 
mailto:arboi () bigfoot com     http://www.bigfoot.com/~arboi/
GPG Public keys: http://www.bigfoot.com/~arboi/pubkey.txt

--------------------------------------------------
For help using this (nmap-hackers) mailing list, send a blank email to 
nmap-hackers-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).

Current thread:

nmap's "-S" option and linux SAV tech_related (Jul 15)
- Re: nmap's "-S" option and linux SAV Fyodor (Jul 15)
- Re: nmap's "-S" option and linux SAV Michel Arboi (Jul 17)