Nmap Development mailing list archives
Re: Please Comment: General Host Input Option
From: Ron <ron () skullsecurity net>
Date: Sun, 25 Jan 2009 21:18:50 -0600
Cory K. Walker wrote:
The reason I would want to specify a list of decoys over random ones is this. Random decoys might not have the properties that an attacker would want. Instead, the attacker may seek a higher-quality list of decoys that are known to - for example - reply to a ping. That way, if the defender investigates the scan and all source addresses reply (or otherwise behave uniformly) then it might be more difficult for the defender to ultimately determine the true source of the attack. Perhaps the attacker wants all of his decoys to look like a bunch of Windows Server 2008 machines and therefore confuse the defender into thinking a new virus or other robot program is responsible for the scan. I imagine the use case for this feature would be the following: The attacker spends a substantial amount of time collecting a list of desired decoys as a prerequisite to the scan. After this list is compiled then the scan is launched against the target using a more-convenient "-DL decoys.txt" syntax instead of "-D IP_1,IP_2,...,IP_N".
Simulating a worm, eh? That's actually an interesting idea! Ron -- Ron Bowes http://www.skullsecurity.org/ _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Please Comment: General Host Input Option Cory K. Walker (Jan 25)
- Re: Please Comment: General Host Input Option Ron (Jan 25)
- Re: Please Comment: General Host Input Option Brandon Enright (Jan 25)
- Re: Please Comment: General Host Input Option Ron (Jan 25)
- RE: Please Comment: General Host Input Option Cory K. Walker (Jan 25)
- Re: Please Comment: General Host Input Option Ron (Jan 25)
- Re: Please Comment: General Host Input Option Brandon Enright (Jan 25)
- Re: Please Comment: General Host Input Option doug (Jan 25)
- Re: Please Comment: General Host Input Option Ron (Jan 25)