Nmap Development mailing list archives

Re: Invalidating Stealth

From: Martin Mačok <martin.macok () underground cz>
Date: Wed, 5 Oct 2005 13:52:27 +0200

On Tue, Oct 04, 2005 at 10:57:33AM -0500, Crenshaw, Adrian D wrote:

If you use an idle scan (-sI), but don't use -P0, the true scanning
IP will be given away because of the ping.


Last time I was experimenting with spoofing the source (through -S and
-e, not -sI), TCP pinging was spoofing correctly but ICMP pinging
wasn't ... (I have already reported this to the list, w/o an answer)

Martin Mačok
ICT Security Consultant


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev

Current thread:

Invalidating Stealth Crenshaw, Adrian D (Oct 04)
- Re: Invalidating Stealth jonathan roeder (Oct 04)
- Re: Invalidating Stealth Martin Mačok (Oct 05)