Nmap Announce mailing list archives
fooling nmap
From: "Bep Verberk" <verberk () nortelnetworks com>
Date: Thu, 10 Feb 2000 08:49:56 -0500
Its easy to do a custom hack to fool nmap, but its "custom", its on my few boxes alone. I would not like to see nmap evolving to work around every possible customization that comes along - unless of course a particular little trick becomes widespread - but then it actually becomes a useful fingerprint. IMHO the preferred approach is continued addition of ways to customize and randomize scans, so that the scanning itself does not have a predictable fingerprint. BTW, anyone working on an ID tool that fingerprints nmap ? Something that would identify an nmap scan, the type of scan, the version of nmap, the OS the scan was run from, etc. -- Bep Verberk verberk () nortelnetworks com
Current thread:
- Intrusion detection question. Daniel Swan (Feb 09)
- Re: Intrusion detection question. Vanja Hrustic (Feb 09)
- Re: Intrusion detection question. Jose Nazario (Feb 10)
- fooling nmap Bep Verberk (Feb 10)
- Re: fooling nmap Lance Spitzner (Feb 10)
- Re: fooling nmap CyberPsychotic (Feb 11)
- Re: fooling nmap Vanja Hrustic (Feb 11)
- Re: fooling nmap The Cyberiad (Feb 11)
- Re: Intrusion detection question. Vanja Hrustic (Feb 09)
- Re: Intrusion detection question. Tomi Ollila (Feb 10)
- Re: Intrusion detection question. Michel Arboi (Feb 14)
- Re: Intrusion detection question. Tomi Ollila (Feb 21)