Nmap Announce mailing list archives
Re: how to know scan is correct?
From: Enrico Demarin <mccoy () smc smc it>
Date: Fri, 11 Feb 2000 09:58:55 +0100 (CET)
I think the problem is caused by the daemon iplogger that ships with Corel Linux and is enabled by default. It literally goes berserk when the machine is scanned and starts writing logs like mad. Disabling it seemed to solve the problem...

On Thu, 10 Feb 2000, $eeweed wrote:

> I noticed that Corel Linux version 1.0 has some major work that needs to be done because of its structure, it hangs when you decide to run nmap against it. Corel really thought this one out, ehh.... Time to bring in the real OS's .... just thought I'd let you guys know that if you decide to build an operating system.. don't let it be as shitty as Corel... (which is what my work has)
>
> On Wed, 9 Feb 2000, Marcy Abene wrote:
>
>> You can't avoid a syn scan - what do you think you are talking about? Here, look. :->
>>
>> syn scan: (nmap -sS)
>>
>>   haxor          target
>>   syn ->
>>               <- syn ack
>>   rst ->
>>
>> tcp connect full: (nmap -sT)
>>
>>   hax0r          target
>>   syn ->
>>               <- syn ack
>>   ack ->
>>   finack ->
>>               <- ack
>>               <- finack
>>   ack ->
>>
>> Notice that the first two packets exchanged DO NOT CHANGE. You send a SYN to a port - if it is open then you get a SYN-ACK. Your kernel mods can't change this behavior or you lose TCP connectivity. If you meant something else, then you made a typo ("..but it eliminates all of the TCP scans from finding open ports except TCP connect..").
>>
>> --
>>
>> On Wed, 9 Feb 2000, Simple Nomad wrote:
>>
>>> Well, I think that if all networked systems used state tables you would eliminate almost everything. Unfortunately pretty much all systems do not use the built in state tables. This is actually one of the first modifications I make on a new system via kernel patching -- so it really only applies to open sourced operating systems -- but it eliminates all of the TCP scans from finding open ports except TCP connect, which can be controlled any number of ways.
>>>
>>> - Simple Nomad - No rest for the Wicca'd -
>>> - thegnome () nmrc org - www.nmrc.org -
>>> - thegnome () razor bindview com - www.bindview.com -
>>>
>>> On Wed, 9 Feb 2000, Reinoud Koornstra wrote:
>>>
>>>> Nice issue. And..... are there any suggestions for this: Assume I have a machine running ipf which deals with the traffic from outside. Behind that machine is an entire network using ipnat. Now someone uses nmap on me to see what is open and what isn't. Now, ipf notices a packet... (fin scan) does nothing with it but redirects it to another machine on the network on which the port is closed. Then nmap will think the port on the firewalled machine is closed while nmap really got the results from another machine without knowing it. A friend of mine deals this way with this kind of scans and fooling nmap completely.
>>>>
>>>> Bye,
>>>> Reinoud.
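
The two exchanges diagrammed in Marcy Abene's quoted reply, turned into a classifier a defender could run over captured TCP flags; this is an added example, not code from anyone in the thread. The addresses, ports and the `min_ports` threshold are constructed for illustration.

```python
# Constructed sample capture: (src, sport, dst, dport, flags). Addresses are made up.
S, T, C = "10.0.0.5", "10.0.0.9", "10.0.0.7"   # scanner, target, ordinary client
CAPTURE = []
for port in (22, 80, 443):                      # half-open probes against open ports
    CAPTURE += [(S, 40000 + port, T, port, "SYN"),
                (T, port, S, 40000 + port, "SYN|ACK"),
                (S, 40000 + port, T, port, "RST")]
CAPTURE += [(S, 40023, T, 23, "SYN"), (T, 23, S, 40023, "RST|ACK"),   # closed port
            (C, 51000, T, 80, "SYN"), (T, 80, C, 51000, "SYN|ACK"),   # full connect
            (C, 51000, T, 80, "ACK"), (C, 51000, T, 80, "FIN|ACK"),
            (T, 80, C, 51000, "ACK"), (T, 80, C, 51000, "FIN|ACK"),
            (C, 51000, T, 80, "ACK")]

def classify_handshakes(packets):
    """Map each (client, cport, server, port) to how its handshake ended."""
    convs = {}
    for src, sport, dst, dport, flags in packets:
        flags = frozenset(flags.split("|"))
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if flags == {"SYN"} and fwd not in convs:
            convs[fwd] = "unanswered"            # probe sent, nothing back yet
        elif convs.get(rev) == "unanswered":     # first reply from the target
            if flags == {"SYN", "ACK"}:
                convs[rev] = "synack"            # open port: identical for -sS and -sT
            elif "RST" in flags:
                convs[rev] = "closed"
        elif convs.get(fwd) == "synack":
            # The client's third packet is the only place the two scans differ.
            if "RST" in flags:
                convs[fwd] = "half-open"
            elif flags == {"ACK"}:
                convs[fwd] = "full-connect"
    return convs

def half_open_sources(convs, min_ports=3):
    """Sources that abandoned the handshake on at least min_ports distinct ports."""
    ports = {}
    for (client, _cport, _server, port), state in convs.items():
        if state == "half-open":
            ports.setdefault(client, set()).add(port)
    return {c: sorted(p) for c, p in ports.items() if len(p) >= min_ports}

if __name__ == "__main__":
    for conv, state in classify_handshakes(CAPTURE).items():
        print(conv, state)
    print(half_open_sources(classify_handshakes(CAPTURE)))
```

A `-sT` scan completes the handshake, so it is classified as `full-connect` here and has to be caught by other signals such as connection rate.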