Vulnerability Development mailing list archives
Re: things to break..
From: thegnome () NMRC ORG (Simple Nomad)
Date: Tue, 25 Jan 2000 09:28:39 -0600
On Mon, 24 Jan 2000, John Galt wrote:

> Yeah, but it portscans every time you bring it up...I wonder if there's a way to "mask" a scan from portscan or nmap to look like a napster scan?

Certainly. I discussed briefly the idea of masking scan traffic to look like normal traffic at a SANS talk last October and am currently writing a paper on just that topic -- masking scans to look like normal traffic, and therefore be ignored by busy admins looking at logs.

The problem with masking things as a napster server is that there are very limited scans you can do. The nature of the traffic is not one that lends itself to portscanning. For example, it is short and bursty (at least during negotiation of the port). Web traffic, on the other hand, is much easier to mimic because there is so much of it, and would allow you to cover more ports in a quicker time. So it could be done, but if your intent was masking a port scan there are other forms of traffic I'd consider first.

- Simple Nomad - No rest for the Wicca'd -
- thegnome () nmrc org - www.nmrc.org -
- thegnome () bos bindview com - www.bindview.com -