Nmap Development mailing list archives
Re: nmap and a new idea
From: Fyodor <fyodor () insecure org>
Date: Sun, 7 Mar 2004 15:54:00 -0800
On Fri, Feb 13, 2004 at 08:49:11AM -0600, phaseone () sio midco net wrote:
i have read about using RTO (reset time out) analyses using a tool like RING http://www.planb-security.net/wp/ring.html this concept is quite unique, in that it only needs 1 PACKET / 1 PORT to do its job. it simply sends the standard SYN, waits for the SYN/ACK and then lets the socket end time out on the target, using the RTO value from the stack (specific to each vendor)
This technique was considered when I first added OS detection to Nmap 6 years ago (and you can find Usenet threads suggesting the method much farther back than that). While this technique can be valuable in some circumstances, it will never be added to Nmap for several major reasons: 1) It usually requires modifying the source host firewall rules so that your system doesn't RST the SYN/ACK that it receives. That is very hard to do in a portable way. And even if it was easy, it can annoy users when applications start adding filtering rules. 2) It is very slow. I don't want to wait several minutes (or even 45 seconds) to time retransmission delays. There are numerous other issues, but those two are the main ones. There are plenty of other techniques that give you just as much information without these hassles. I do plan to overhaul the OS detection system this year, adding many more techniques. I have been keeping a list for the last year or two of tests that I would like to add. I will also solicit ideas from you guys on the nmap-dev list (though new ideas are welcome anytime - please send them to the list for discussion).
separate and call their "own", but it seems to me, if the nmap community would take ideas from everyone and build on others' tools and ideas and concepts, nmap
I have no compunctions about taking ideas from other tools, and I will always endeavor to credit them when I do so. That is a key benefit of open source. Of course Nmap is also GPL and so other tools can (and do) take ideas and code from it. SYN scanning, Idle scanning, OS detection, and version detection (among many others) were all available in other tools before being implemented in Nmap. I do like to think that the Nmap implementations offer many benefits over the other tools, but it will never be the best for every possible purpose.

Cheers,
Fyodor

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List archive: http://seclists.org
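The mechanism the thread discusses, viewed from the side of the host being probed, as an added example that is not code from the thread, from RING or from Nmap: over a constructed connection log, find flows where the server's SYN/ACK was retransmitted repeatedly and the client never answered with ACK or RST, and recover the backoff intervals that such a probe measures (the log format, addresses and timings are assumptions made for this example).

```python
"""Spot half-open flows whose SYN/ACK retransmission timing is being exposed.

Added example; not code from the thread, RING or Nmap. The record format
(timestamp, src, dst, flags) and all values below are constructed.
"""
from collections import defaultdict

# Constructed sample records: (timestamp_s, src, dst, tcp_flags).
# 10.0.0.5 sends one SYN to 10.0.0.9:22 and never answers the SYN/ACK, so
# the server keeps retransmitting it with (constructed) doubling delays.
SAMPLE_LOG = [
    (0.00, "10.0.0.5:40001", "10.0.0.9:22", "S"),
    (0.01, "10.0.0.9:22", "10.0.0.5:40001", "SA"),
    (1.01, "10.0.0.9:22", "10.0.0.5:40001", "SA"),
    (3.01, "10.0.0.9:22", "10.0.0.5:40001", "SA"),
    (7.01, "10.0.0.9:22", "10.0.0.5:40001", "SA"),
    (15.01, "10.0.0.9:22", "10.0.0.5:40001", "SA"),
    (31.01, "10.0.0.9:22", "10.0.0.5:40001", "SA"),
    # A normal client completes the handshake right away and is ignored.
    (0.50, "10.0.0.7:51000", "10.0.0.9:22", "S"),
    (0.51, "10.0.0.9:22", "10.0.0.7:51000", "SA"),
    (0.52, "10.0.0.7:51000", "10.0.0.9:22", "A"),
]


def synack_retransmit_profiles(records, min_retransmits=3):
    """Return {client: (delays, total_seconds)} for flows in which the
    server's SYN/ACK was retransmitted at least min_retransmits times and
    the client never sent ACK or RST. delays are the gaps between
    successive SYN/ACKs: the per-stack RTO backoff the thread talks about."""
    synacks = defaultdict(list)  # (client, server) -> SYN/ACK timestamps
    answered = set()
    for ts, src, dst, flags in sorted(records):
        if flags == "SA":
            synacks[(dst, src)].append(ts)
        elif flags in ("A", "R", "RA") and (src, dst) in synacks:
            answered.add((src, dst))
    profiles = {}
    for (client, server), times in synacks.items():
        if (client, server) in answered or len(times) - 1 < min_retransmits:
            continue
        delays = [round(b - a, 2) for a, b in zip(times, times[1:])]
        profiles[client] = (delays, round(times[-1] - times[0], 2))
    return profiles


if __name__ == "__main__":
    for client, (delays, total) in synack_retransmit_profiles(SAMPLE_LOG).items():
        print(f"{client}: SYN/ACK backoff {delays} over {total}s, no ACK/RST seen")
```

The total for the flagged flow (31 seconds here) illustrates the slowness objection raised above: the measurement cannot finish until the target's retransmissions have run their course.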