Nmap Development mailing list archives
SYN Scan values - article
From: kx <kxmail () gmail com>
Date: Wed, 21 Jun 2006 23:11:24 -0400
I went to digg the Sectools.org site (done), and found this article in the digg queue. http://dmiessler.com/study/synpackets/ I think this article raises a good point, probably raised many times before. We just recently added an MSS of 1460 to the SYN scans, and I was wondering if we should change these values as well: Set the DF bit. Set the TTL to 64 or 128 or vary by OS Set the Window Size to 65535, 5840 or vary by OS. Also, another thing I was wondering about, is what does our RST signature look like compared to real OSes? I am just trying to think of ways to make our SYN scans stick out less to potential IDS rules. Curious on your thoughts. Cheers, kx _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
Current thread:
- SYN Scan values - article kx (Jun 21)
- Re: SYN Scan values - article Felix Gröbert (Jun 22)
- Re: SYN Scan values - article Martin Mačok (Jun 23)
- Re: SYN Scan values - article kx (Jun 24)
- Re: SYN Scan values - article Fyodor (Jun 24)
- Re: SYN Scan values - article Martin Mačok (Jun 25)
- Re: SYN Scan values - article kx (Jun 24)