Nmap Development mailing list archives
RE: Finding real host in Nmap -D Scans
From: "Kevin Hodle" <kevinh () aos5 com>
Date: Mon, 3 Mar 2003 23:26:38 -0600
With most broadband providers, this is an obsolete method of port scanning. Broadband companies like comca$t have very strict egress filters, and also 'ip verify reverse-path' on a cisco PIX (stateful) will eliminate the possibility of decoy scans being run against machines behind the PIX. Edge routers can also be configured in a similar fashion to accommodate external/DMZ machines like IDS's (witch should be running a stealth interface anyway.) Kevin Hodle CCNA, Network+, A+ Alexander Open Systems Network Operations Center kevinh () aos5 com -----Original Message----- From: Ryan [mailto:ryan () packetwatch net] Sent: Sunday, March 02, 2003 6:25 PM To: pen-test () securityfocus com; nmap-dev () insecure org Cc: 'Fyodor' Subject: Finding real host in Nmap -D Scans Hi All, I was wondering about the decoy scan in nmap. Is there a way to tell which host in a decoy scan is the real host? I found a post by Dug Song (http://www.geek-girl.com/ids/1999/0057.html), but these methods won't work anymore. First, as Dug Song said nmap now randomizes the ttl fields, and secondly you can't narrow it down to a host that can run nmap, because nmap can now be run on Windows systems as well. Ryan Spangler http://www.packetwatch.net ------------------------------------------------------------------------ ---- <Pre>Do you know the base address of the Global Offset Table (GOT) on a Solaris 8 box? CORE IMPACT does.</Pre> <A href="http://www.securityfocus.com/core"> http://www.securityfocus.com/core</A> --------------------------------------------------------------------- For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
Current thread:
- Finding real host in Nmap -D Scans Ryan (Mar 02)
- <Possible follow-ups>
- RE: Finding real host in Nmap -D Scans Kevin Hodle (Mar 03)
- Re: Finding real host in Nmap -D Scans H D Moore (Mar 03)
- Re: Finding real host in Nmap -D Scans Fyodor (Mar 03)
- RE: Finding real host in Nmap -D Scans Lampe, John W. (Mar 03)
- RE: Finding real host in Nmap -D Scans Alexander Bartolich (Mar 04)