Nmap Development mailing list archives
TCP Split Handshake and Nmap
From: jah <jah () zadkiel plus com>
Date: Thu, 03 Jun 2010 01:19:15 +0100
Hi folks, Has anybody read "The TCP Split Handshake: Practical Effects on Modern Network Equipment" published in the Macrothink Network Protocols and Algorithms journal [1]? I thought section 8 regarding port scan detection of a split handshake was particularly interesting and reckon Nmap could easily handle a SYN or an ACK in response to a SYN probe in order to mark a port as open. If this was something we'd like to do, would we add ER_SYN and ER_ACK to portreasons? Related: what is ER_INITACK? it doesn't seem to be referenced anywhere... jah [1] - http://www.macrothink.org/journal/index.php/npa/article/view/285 _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- TCP Split Handshake and Nmap jah (Jun 02)
- what is ER_INITACK? jah (Jun 02)
- Re: TCP Split Handshake and Nmap Fyodor (Jun 03)
- Re: TCP Split Handshake and Nmap Fyodor (Jun 03)
- Re: TCP Split Handshake and Nmap jah (Jun 04)
- Re: TCP Split Handshake and Nmap Fyodor (Jun 07)
- Re: TCP Split Handshake and Nmap jah (Jun 07)
- Re: TCP Split Handshake and Nmap David Fifield (Jun 08)
- Re: TCP Split Handshake and Nmap jah (Jun 08)
- Re: TCP Split Handshake and Nmap David Fifield (Jun 08)
- Re: TCP Split Handshake and Nmap Fyodor (Jun 10)