Nmap Development mailing list archives
Re: Implemented non-repeating "extra_payload"
From: Royce Williams <royce () techsolvency com>
Date: Fri, 5 Dec 2014 06:42:18 -0900
On Wed, Dec 3, 2014 at 8:01 PM, Fyodor <fyodor () nmap org> wrote:
On Fri, Nov 21, 2014 at 2:46 PM, Andrew Jason Farabee <afarabee () uci edu> wrote:I'm sure you all are busy but I was wondering if anyone could take a look at my changes to the nmap git at https://github.com/andrewfarabee/nmap and let me know what you think. The changes are very minimal and it still runs effieciently. I'm also attaching a paper on the logic behind the changes. Thanks a lot for your time, I would appreciate any feedback!Thanks for the interesting writeup and patch! It's not really clear which is "better" in general--the current fixed string behavior or choosing new random packet data for each packet. There are (tiny) advantages and disadvantages to each. But it is good that your patch is available in case anyone ever encounters a need for that behavior.
Andrew, which specific IDS/IPS/etc currently detect scanning based on the characteristics that your patch changes, and no longer detect nmap scans when your patch is applied? Royce
_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Implemented non-repeating "extra_payload" Andrew Jason Farabee (Nov 22)
- Re: Implemented non-repeating "extra_payload" Fyodor (Dec 05)
- Re: Implemented non-repeating "extra_payload" Royce Williams (Dec 05)
- Re: Implemented non-repeating "extra_payload" Andrew Jason Farabee (Dec 05)
- Re: Implemented non-repeating "extra_payload" Royce Williams (Dec 05)
- Re: Implemented non-repeating "extra_payload" Fyodor (Dec 05)