Nmap Development mailing list archives

Re: Implemented non-repeating "extra_payload"


From: Royce Williams <royce () techsolvency com>
Date: Fri, 5 Dec 2014 06:42:18 -0900

On Wed, Dec 3, 2014 at 8:01 PM, Fyodor <fyodor () nmap org> wrote:


On Fri, Nov 21, 2014 at 2:46 PM, Andrew Jason Farabee <afarabee () uci edu>
wrote:

I'm sure you all are busy but I was wondering if anyone could take a look
at my changes to the nmap git at https://github.com/andrewfarabee/nmap
and let me know what you think.  The changes are very minimal and it still
runs efficiently. I'm also attaching a paper on the logic behind the
changes.  Thanks a lot for your time, I would appreciate any feedback!


Thanks for the interesting writeup and patch!  It's not really clear which
is "better" in general--the current fixed string behavior or choosing new
random packet data for each packet.  There are (tiny) advantages and
disadvantages to each.  But it is good that your patch is available in case
anyone ever encounters a need for that behavior.


Andrew, which specific IDS/IPS/etc currently detect scanning based on the
characteristics that your patch changes, and no longer detect nmap scans
when your patch is applied?

Royce
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
