TCP Split Handshake and Nmap

[jah <jah () zadkiel plus com>]

Hi folks,

Has anybody read "The TCP Split Handshake: Practical Effects on Modern
Network Equipment" published in the Macrothink Network Protocols and
Algorithms journal [1]?  I thought section 8 regarding port scan
detection of a split handshake was particularly interesting and reckon
Nmap could easily handle a SYN or an ACK in response to a SYN probe in
order to mark a port as open.

If this was something we'd like to do, would we add ER_SYN and ER_ACK to
portreasons?

Related: what is ER_INITACK? it doesn't seem to be referenced anywhere...

jah

[1] - http://www.macrothink.org/journal/index.php/npa/article/view/285
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/