Nmap Announce mailing list archives
Re: fooling nmap
From: "The Cyberiad" <cyberiad () cyberus ca>
Date: Fri, 11 Feb 2000 14:21:52 -0500
Fyodor might help with this. But to recognize OS, one would need to do an nMap scan against the scanning host :) And that topic always brings a thread that talks about 'legality' of counter-scan, etc, etc :)
The scanning computer's stack will respond to your own computer's response. Trap _this_ response packet and use the IP and TCP field information to characterize the scanning computer's OS. There will certainly be less data points to work with and perhaps less information in this packet than if you initiated a counter-scan of your own. Has anyone investigated this ? Cyberiad
Current thread:
- Intrusion detection question. Daniel Swan (Feb 09)
- Re: Intrusion detection question. Vanja Hrustic (Feb 09)
- Re: Intrusion detection question. Jose Nazario (Feb 10)
- fooling nmap Bep Verberk (Feb 10)
- Re: fooling nmap Lance Spitzner (Feb 10)
- Re: fooling nmap CyberPsychotic (Feb 11)
- Re: fooling nmap Vanja Hrustic (Feb 11)
- Re: fooling nmap The Cyberiad (Feb 11)
- Re: Intrusion detection question. Vanja Hrustic (Feb 09)
- Re: Intrusion detection question. Tomi Ollila (Feb 10)
- Re: Intrusion detection question. Michel Arboi (Feb 14)
- Re: Intrusion detection question. Tomi Ollila (Feb 21)