Security Basics mailing list archives
Nmap - Under the hood
From: skill2die4 () secguru com
Date: Sun, 12 Dec 2004 03:43:41 -0600 (CST)
I am in the process of jotting down the various options available with NMAP while doing port scanning, collecting Ethereal packets for various scan types and also discussing which scan works best under what circumstances. Results at: http://www.secguru.com/forum/viewtopic.php?t=68

However, when I started fiddling with the -sF, -sX and -sN ... I found that most of the machines being scanned are responding back as "open" to everything. I tried these scan options against M$oft, Fedora and Solaris, but it reported all ports 'open', which I know ain't true.

The Nmap manpage states, "There are times when even SYN scanning isn't clandestine enough. Some firewalls and packet filters watch for SYNs to restricted ports, and programs like Synlogger and Courtney are available to detect these scans. These advanced scans, on the other hand, may be able to pass through unmolested."

I got the idea about the scan, but don't have any live example. If you know any OS (+version) that DOES reply back with RST, please let me know!

TIA,
-=skillz=-
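Added example, not part of the original post: the manpage passage quoted above is about detectors that watch only for SYNs, so this sketch shows the monitoring side keyed on the TCP flag byte instead, labelling the flag combinations that -sF (FIN only), -sX (FIN, PSH, URG) and -sN (no flags) put on the wire. The function names, the sample headers and the port numbers are constructed for illustration.

```python
import struct
from collections import Counter

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Flag combinations sent by the probe types named in the post.
PROBES = {
    0x00: "null (-sN)",
    FIN: "fin (-sF)",
    FIN | PSH | URG: "xmas (-sX)",
    SYN: "syn",  # also a normal connection open; judge it by volume, not alone
}

def parse_tcp(header: bytes):
    """Return (src_port, dst_port, flags) from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", header[:14])
    return sport, dport, off_flags & 0x3F  # low six bits: URG ACK PSH RST SYN FIN

def classify(header: bytes) -> str:
    """Label a header by its exact flag combination."""
    return PROBES.get(parse_tcp(header)[2], "other")

def summarize(headers):
    """Count each label and collect the destination ports it touched."""
    counts, ports = Counter(), {}
    for h in headers:
        kind = classify(h)
        counts[kind] += 1
        ports.setdefault(kind, set()).add(parse_tcp(h)[1])
    return counts, ports

def build(dport: int, flags: int, sport: int = 40000) -> bytes:
    """Constructed sample header: data offset 5, window 1024, zero checksum."""
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0, (5 << 12) | flags, 1024, 0, 0)

# Constructed sample traffic, not a real capture.
SAMPLE = [build(p, FIN) for p in (21, 22, 23)] + [
    build(80, FIN | PSH | URG),
    build(443, 0),
    build(25, SYN),
    build(80, ACK | PSH),  # ordinary established-connection traffic
]

if __name__ == "__main__":
    counts, ports = summarize(SAMPLE)
    for kind, n in counts.items():
        print(f"{kind:12} packets={n} ports={sorted(ports[kind])}")
```
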