Nmap Announce mailing list archives
Re: fooling nmap
From: Vanja Hrustic <vanja () relaygroup com>
Date: Fri, 11 Feb 2000 17:21:24 +0700
Bep Verberk wrote:
BTW, anyone working on an ID tool that fingerprints nmap ? Something that would identify an nmap scan, the type of scan, the version of nmap, the OS the scan was run from, etc.
Well, snort can recognize nMap scans (and if you use portscan preprocessor, it will recognize much more), but to identify nMap version and OS... hmmm... I doubt that you can easily do it. To recognize nMap version, one would need to know if Fyodor has changed things (related to scanning itself, like packet load, etc.) in certain versions of nMap - Fyodor might help with this. But to recognize OS, one would need to do an nMap scan against the scanning host :) And that topic always brings a thread that talks about 'legality' of counter-scan, etc, etc :) Snort is available at http://www.clark.net/~roesch/security.html Check it (if you haven't already) - it's *lovely* :))) IPLog can also recognize nMap scans, and OS fingerprinting. IPlog will start sending bogus packets back to the scanning host when it encounters OS fingerprinting, and it is supposed to do the same when it encounters SYN scans (didn't work for me). I've tried the OS fingerprinting 'fooling' - works very well :) IPLog is available at http://ojnk.sourceforge.net/ -- Vanja Hrustic The Relay Group http://relaygroup.com Technology Ahead of Time
Current thread:
- Intrusion detection question. Daniel Swan (Feb 09)
- Re: Intrusion detection question. Vanja Hrustic (Feb 09)
- Re: Intrusion detection question. Jose Nazario (Feb 10)
- fooling nmap Bep Verberk (Feb 10)
- Re: fooling nmap Lance Spitzner (Feb 10)
- Re: fooling nmap CyberPsychotic (Feb 11)
- Re: fooling nmap Vanja Hrustic (Feb 11)
- Re: fooling nmap The Cyberiad (Feb 11)
- Re: Intrusion detection question. Vanja Hrustic (Feb 09)
- Re: Intrusion detection question. Tomi Ollila (Feb 10)
- Re: Intrusion detection question. Michel Arboi (Feb 14)
- Re: Intrusion detection question. Tomi Ollila (Feb 21)