Nmap Development mailing list archives
Re: Invalidating Stealth
From: jonathan roeder <jonathanbsa () sbcglobal net>
Date: Tue, 4 Oct 2005 14:31:25 -0700 (PDT)
I agree, Nmap should print and explain a warning when using those options.

--- "Crenshaw, Adrian D" <adrian () ius edu> wrote:

Hi All,

I'm working on part two of my Nmap video tutorial (I call it Nmap 2: Port Scan Boogaloo) and wanted to ask a question. What all flags cause problems that make stealth/obscuring features less effective? For example:

If you use an idle scan (-sI), but don't use -P0, the true scanning IP will be given away because of the ping.

Another example would be if you did an idle scan with version and OS detection turned on (-sV -O or just -A), while the port scan may seem to come from the zombie, the version/OS detect stuff will appear to come from the true scanner's IP.

I also imagine that the use of decoys could also be invalidated based on which IPs the scanned host was able to establish three-way handshakes with during the scans (if version or OS detection was requested).

Any others I should mention?

Adrian
http://www.irongeek.com

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
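The decoy point raised in the quoted message, seen from the scanned host's side, as an added example that is not part of the original thread: among several sources that probe the same ports, only a source that completes a three-way handshake is sending from an address it really controls. The packet-log format, the function names and the documentation-range addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed packet log as seen at the scanned host:
# (src_ip, src_port, dst_port, tcp_flags). Not taken from the original post.
SAMPLE = [
    ("198.51.100.7", 40001, 22, "S"),
    ("203.0.113.5", 40001, 22, "S"),
    ("192.0.2.10", 40001, 22, "S"),
    ("192.0.2.10", 40001, 22, "R"),     # half-open probe is reset, no handshake
    ("198.51.100.7", 40002, 80, "S"),
    ("203.0.113.5", 40002, 80, "S"),
    ("192.0.2.10", 40002, 80, "S"),
    ("192.0.2.10", 40002, 80, "R"),
    ("192.0.2.10", 51234, 22, "S"),     # follow-up full connection (e.g. a service probe)
    ("192.0.2.10", 51234, 22, "A"),     # final ACK completes the handshake
    ("192.0.2.10", 51234, 22, "PA"),    # application data on the same connection
]

def classify_sources(events, min_ports=2):
    """Per source that sent SYNs to at least min_ports ports, count the
    ports probed and the connections whose handshake was completed."""
    syn_seen = set()                    # (src, sport, dport) tuples that opened with a SYN
    ports = defaultdict(set)            # src -> destination ports probed
    completed = defaultdict(set)        # src -> connections that reached the final ACK
    for src, sport, dport, flags in events:
        conn = (src, sport, dport)
        if "S" in flags and "A" not in flags:
            syn_seen.add(conn)
            ports[src].add(dport)
        elif "A" in flags and "R" not in flags and conn in syn_seen:
            completed[src].add(conn)
    return {
        src: {"ports_probed": len(p), "handshakes": len(completed[src])}
        for src, p in ports.items()
        if len(p) >= min_ports
    }

def likely_true_scanners(events, min_ports=2):
    """Sources that both probed several ports and completed a handshake."""
    stats = classify_sources(events, min_ports)
    return sorted(src for src, s in stats.items() if s["handshakes"] > 0)

if __name__ == "__main__":
    for src, s in sorted(classify_sources(SAMPLE).items()):
        print(src, s)
    print("completed handshakes:", likely_true_scanners(SAMPLE))
```

A spoofed source cannot send the final ACK because the SYN/ACK never reaches the sender, which is why the handshake count separates the three addresses here.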