Nmap Development mailing list archives
Re: decoys and limiting outbound RST packets
From: Martin Mačok <martin.macok () underground cz>
Date: Sun, 2 Jan 2005 20:19:31 +0100
On Sun, Jan 02, 2005 at 11:18:15AM -0500, Michael Rash wrote:
> Let's say that the target sees parallel probes to the same ports from N different IPs (i.e. decoy scan). It could divide the IPs into two groups and send the response(s) to a single probe just to the first group and send nothing to the second. If retransmission occurs, the real IP is in the second group, otherwise it is in the first group.
>
> But the target would have no idea if the real IP is blocking its own outbound RST packets.

Not true. The algorithm above does not depend on RST packets. It depends on the scanner retransmitting the probe when it gets no answer.

Martin Mačok
IT Security Consultant
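
The split-and-withhold test described in this message, as an added Python simulation that is not part of the original post; it goes one step beyond the single split in the text by repeating the split until one address remains. The scanner model (it retransmits only when the reply to its real address is withheld, with no packet loss), the function names and the documentation-range addresses are assumptions constructed for illustration.

```python
"""Simulation of a target narrowing down the real source of a decoy scan."""
from typing import Callable, Sequence, Set, Tuple


def make_scanner(real_ip: str) -> Callable[[Set[str]], bool]:
    """Scanner model (assumption): a probe is retransmitted only when the
    reply addressed to the real IP never arrives. Replies sent to decoy
    addresses never reach the scanner, so they cannot influence it."""
    def retransmits(silenced: Set[str]) -> bool:
        return real_ip in silenced
    return retransmits


def locate_real_source(sources: Sequence[str],
                       retransmits: Callable[[Set[str]], bool]) -> Tuple[str, int]:
    """Answer one half of the candidate sources, withhold replies from the
    other half, and keep the half indicated by whether a retransmission
    is observed. Returns (remaining address, number of rounds used)."""
    if not sources:
        raise ValueError("no candidate sources")
    candidates = list(sources)
    rounds = 0
    while len(candidates) > 1:
        mid = len(candidates) // 2
        answered, silenced = candidates[:mid], candidates[mid:]
        rounds += 1
        # Retransmission seen: the real source got no reply, so it was silenced.
        candidates = silenced if retransmits(set(silenced)) else answered
    return candidates[0], rounds


# Constructed sample: eight probe sources seen by the target (RFC 5737 ranges).
SAMPLE_SOURCES = [
    "192.0.2.10", "192.0.2.77", "198.51.100.4", "198.51.100.200",
    "203.0.113.9", "203.0.113.54", "192.0.2.131", "198.51.100.23",
]

if __name__ == "__main__":
    real = "203.0.113.54"  # constructed: the address the scanner really uses
    found, rounds = locate_real_source(SAMPLE_SOURCES, make_scanner(real))
    print(f"identified {found} after {rounds} rounds")
```

None of the decisions uses RST packets; each one rests only on whether a probe is sent again. On a real network, packet loss also triggers retransmissions, so a single round is weaker evidence than in this model.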