Nmap Development mailing list archives
Re: Uniquely identifying an Nmap install from NSE?
From: Ron <ron () skullsecurity net>
Date: Fri, 07 Aug 2009 17:31:09 -0500
On 08/07/2009 05:19 PM, Brandon Enright wrote:
What about stealing one from the conficker playbook and use the current week as a source of entropy. Something like svcname = hash(localip + localmac + remoteip + week) Still not much entropy but certainly raising the bar above just MAC. Brandon
I don't think including the week or remoteip would make a considerable difference, since they're going to be known to the attacker. But hashing the localip and localmac together is a good idea, it'd create a significantly more difficult bruteforce.
Ron -- Ron Bowes http://www.skullsecurity.org/ _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Uniquely identifying an Nmap install from NSE? Ron (Aug 07)
- Re: Uniquely identifying an Nmap install from NSE? jah (Aug 07)
- Re: Uniquely identifying an Nmap install from NSE? Ron (Aug 07)
- Re: Uniquely identifying an Nmap install from NSE? David Fifield (Aug 07)
- Re: Uniquely identifying an Nmap install from NSE? Ron (Aug 07)
- Re: Uniquely identifying an Nmap install from NSE? Brandon Enright (Aug 07)
- Re: Uniquely identifying an Nmap install from NSE? Ron (Aug 07)
- Re: Uniquely identifying an Nmap install from NSE? Brandon Enright (Aug 07)
- Re: Uniquely identifying an Nmap install from NSE? Ron (Aug 07)
- Re: Uniquely identifying an Nmap install from NSE? Brandon Enright (Aug 07)
- Re: Uniquely identifying an Nmap install from NSE? Ron (Aug 07)
- Re: Uniquely identifying an Nmap install from NSE? Ben Rosenberg (Aug 07)
- Re: Uniquely identifying an Nmap install from NSE? Ron (Aug 07)
- Re: Uniquely identifying an Nmap install from NSE? jah (Aug 07)