Re: Invalidating Stealth

[jonathan roeder <jonathanbsa () sbcglobal net>]

I agree, Nmap should print and explain a warning when
using those options.

--- "Crenshaw, Adrian D" <adrian () ius edu> wrote:

> Hi All,
>
>             I'm working on part two of my Nmap video
> tutorial (I call it
> Nmap 2: Port Scan Boogaloo) and wanted to ask a
> question. What all flags
> cause problems that make stealth/obscuring features
> less effective? For
> example:
>
>  
>
> If you use an idle scan (-sI), but don't use -P0,
> the true scanning IP
> will be given away because of the ping. 
>
>  
>
> Another example would be if you did an idle scan
> with version and OS
> detection turned on (-sV -O or just -A), while the
> port scan may seem to
> come from the zombie, the version/OS detect stuff
> will appear to come
> from the true scanners IP.
>
>  
>
> I also image that the use of decoys could also be
> invalidated based on
> which IPs the scanned host was able to establish
> three way hand shakes
> with during the scans (if version or OS detection
> was requested).
>
>  
>
> Any others I should mention?
>
>  
>
> Adrian
>
> http://www.irongeek.com <http://www.irongeek.com/>  
>  
>
>
>
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev