Nmap Development mailing list archives

Re: TCP Resource Exhaustion Attacks


From: Fyodor <fyodor () insecure org>
Date: Mon, 6 Oct 2008 00:51:27 -0700

On Thu, Oct 02, 2008 at 09:10:21PM +0000, Brandon Enright wrote:

> I think the only reason why a Nmap user or Nmap dev should care is that
> if vendors start modifying their TCP/IP attacks to either patch a real
> bug, or look like they patched a bug, a lot of OS fingerprints are
> likely to need to be added.

That would be truly awesome (for Nmap).  Earlier TCP/IP security
tweaks such as randomized ISNs and randomized IPIDs were a big help
in distinguishing operating systems, as were non-security-related
changes such as the selective ACK option and ECN.  I should join a
working group on improving TCP DoS resiliency just so I can promote
changes which Nmap OS detection can distinguish :).

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

