Nmap Development mailing list archives

Re: Patch: Setting the flags for Idlescan


From: Fyodor <fyodor () insecure org>
Date: Thu, 16 Mar 2006 16:17:46 -0800

On Thu, Mar 16, 2006 at 03:51:31PM -0800, Kurt Grutzmacher wrote:
> Here's a minor option addition to set nmap's Idle scan (-sI) flags. Modified
> the --scanflags parser to add some common words (SYNACK, PUSHACK). I did
> this while researching Marco Ivaldi's bugtraq post here:
> http://seclists.org/lists/bugtraq/2006/Mar/0258.html.

I saw that post and it is definitely interesting.  Would you try
posting your patch again?  Maybe you forgot to attach it, or maybe it
was sent with a mime type that this list doesn't allow.  Renaming it
with a .txt extension often helps mailers figure out that it is text/*
rather than application/*.

While your patch would be useful for people testing this and related
issues, I'm not sure it is needed for the main Nmap distribution.  In
Marco's post, he notes that Nmap works unmodified since it already
sends SYN/ACK.  Before adding a new option to change that probe
to use different flags, I'd like to see at least one case where it
would help.  And remember that the target machine will be sending back
SYN/ACK packets no matter what our initial probe uses.

Thanks,
Fyodor

