Nmap Development mailing list archives
Re: TCP Resource Exhaustion Attacks
From: Fyodor <fyodor () insecure org>
Date: Mon, 6 Oct 2008 00:51:27 -0700
On Thu, Oct 02, 2008 at 09:10:21PM +0000, Brandon Enright wrote:
I think the only reason why a Nmap user or Nmap dev should care is that if vendors start modifying their TCP/IP attacks to either patch a real bug, or look like they patched a bug, a lot of OS fingerprints are likely to need to be added.
That would be truly awesome (for Nmap). Earlier TCP/IP security tweaks such as randomized ISN's and randomized IPIDs were a big help in distinguishing operating systems, as were non-security-related changes such as the selective ACK option and ECN. I should join a working group on improving TCP DoS resiliency just so I can promote changes which Nmap OS detection can distinguish :). Cheers, -F _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Re: TCP Resource Exhaustion Attacks, (continued)
- Re: TCP Resource Exhaustion Attacks Michael Pattrick (Oct 02)
- Re: TCP Resource Exhaustion Attacks Ron (Oct 02)
- Re: TCP Resource Exhaustion Attacks Fyodor (Oct 02)
- Re: TCP Resource Exhaustion Attacks RB (Oct 02)
- Re: TCP Resource Exhaustion Attacks Fyodor (Oct 02)
- Re: TCP Resource Exhaustion Attacks doug (Oct 02)
- Re: TCP Resource Exhaustion Attacks Brandon Enright (Oct 02)
- Re: TCP Resource Exhaustion Attacks Robert E . Lee (Oct 03)
- Re: TCP Resource Exhaustion Attacks Fyodor (Oct 06)
- Re: TCP Resource Exhaustion Attacks Robert E. Lee (Oct 06)
- Re: TCP Resource Exhaustion Attacks Kris Katterjohn (Oct 06)
- Re: TCP Resource Exhaustion Attacks Brandon Enright (Oct 02)
- Re: TCP Resource Exhaustion Attacks Fyodor (Oct 06)