Nmap Announce mailing list archives

fooling nmap

From: "Bep Verberk" <verberk () nortelnetworks com>
Date: Thu, 10 Feb 2000 08:49:56 -0500

Its easy to do a custom hack to fool nmap, but its "custom", its on my
few boxes alone.

I would not like to see nmap evolving to work around every possible customization that
comes along - unless of course a particular little trick becomes widespread - but then it
actually becomes a useful fingerprint.

IMHO the preferred approach is  continued addition of ways to customize and randomize
scans, so that the scanning itself does not have a predictable fingerprint.

BTW, anyone working on an ID  tool that fingerprints nmap ?  Something that
would identify an nmap scan, the type of scan, the version of nmap, the OS the
scan was run from, etc.

--
Bep Verberk
verberk () nortelnetworks com

Current thread:

Intrusion detection question. Daniel Swan (Feb 09)
- Re: Intrusion detection question. Vanja Hrustic (Feb 09)
  - Re: Intrusion detection question. Jose Nazario (Feb 10)
  - fooling nmap Bep Verberk (Feb 10)
    - Re: fooling nmap Lance Spitzner (Feb 10)
    - Re: fooling nmap CyberPsychotic (Feb 11)
    - Re: fooling nmap Vanja Hrustic (Feb 11)
    - Re: fooling nmap The Cyberiad (Feb 11)
- Re: Intrusion detection question. Michel Arboi (Feb 10)
  - Re: Intrusion detection question. Tomi Ollila (Feb 10)
    - Re: Intrusion detection question. Michel Arboi (Feb 14)
    - Re: Intrusion detection question. Tomi Ollila (Feb 21)
  - Re: Intrusion detection question. Bart van Leeuwen (Feb 10)