Nmap Development mailing list archives
Re: decoys and limiting outbound RST packets
From: Slarty <slarty () Vectrex org uk>
Date: Sun, 2 Jan 2005 10:31:05 +0000
On Saturday 01 January 2005 22:19, Michael Rash wrote:
> Proposed solution: Provide an interface to use a local packet filter (if available) to restrict outbound RST packets to the target for the duration of any scan that causes unsolicited SYN/ACK packets to be sent to the scanning system.

I wrote a scanner which already does this (RST blocking).

If you use decoys with nmap, the decoys have to be machines which are online themselves (hence will send a RST back), otherwise it will be obvious which is the "real" scanning host.

However, as nmap now has the "idle scan", decoys aren't really necessary for people who want to hide their IP address while scanning, as the "idle scan" does not send any non-spoofed packets to the target anyway.

Anyway, RST blocking is a useful feature on its own even without decoys and spoofing:

- Reduces network traffic during big scans
- Less likely to trigger IDS (if they have a rule which spots reset half-open connections)

Slarty
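
The two behaviours discussed in the message above, seen from the monitored host's side, as an added example that is not part of the original post or of nmap. It sorts sources into those that answer a SYN/ACK with RST (the IDS rule the post mentions) and those that stay silent after a SYN/ACK. The packet records, addresses, function names and the `min_ports` threshold are all constructed assumptions.

```python
from collections import defaultdict

SERVER = "192.0.2.10"  # monitored host (documentation address, assumed)

def _probe(t, src, sport, dport, reply=None):
    """Build constructed records: SYN, the server's SYN/ACK, optional client reply."""
    pkts = [(t, src, SERVER, sport, dport, "S"),
            (t + 0.01, SERVER, src, dport, sport, "SA")]
    if reply:
        pkts.append((t + 0.02, src, SERVER, sport, dport, reply))
    return pkts

# Constructed sample traffic: (time, src, dst, sport, dport, flags)
PACKETS = (
    _probe(0.0, "198.51.100.7", 40001, 22, "R") +   # SYN/ACK answered with RST
    _probe(0.1, "198.51.100.7", 40002, 80, "R") +
    _probe(0.2, "198.51.100.7", 40003, 443, "R") +
    _probe(0.3, "203.0.113.5", 40001, 22) +         # SYN/ACK never answered
    _probe(0.4, "203.0.113.5", 40002, 80) +
    _probe(0.5, "203.0.113.5", 40003, 443) +
    _probe(0.6, "198.51.100.50", 51000, 443, "A")   # normal client handshake
)

def classify_sources(packets, server, min_ports=3):
    """Return {src: label} for sources with >= min_ports unfinished handshakes."""
    state = {}  # (client, client_port, server_port) -> last handshake stage
    for _, src, dst, sport, dport, flags in sorted(packets):
        if dst == server and flags == "S":
            state[(src, sport, dport)] = "syn"
        elif src == server and flags == "SA":
            key = (dst, dport, sport)
            if state.get(key) == "syn":      # ignore retransmitted SYN/ACKs
                state[key] = "synack"
        elif dst == server and state.get((src, sport, dport)) == "synack":
            state[(src, sport, dport)] = "rst" if "R" in flags else "ack"
    reset, silent = defaultdict(set), defaultdict(set)
    for (src, _, dport), stage in state.items():
        if stage == "rst":
            reset[src].add(dport)
        elif stage == "synack":
            silent[src].add(dport)
    verdict = {}
    for src in set(reset) | set(silent):
        if len(reset[src]) >= min_ports:
            verdict[src] = "half-open-reset"       # replied RST to SYN/ACK
        elif len(silent[src]) >= min_ports:
            verdict[src] = "silent-after-synack"   # offline address or RSTs filtered
    return verdict
```

A source labelled `silent-after-synack` is either an address that is not online or a host whose outbound RSTs are being filtered, so a rule keyed only on resets will not see it.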