scanning idle-hosts (sorry for beeing a little OT)

[Doggy Dog <dogtown604 () googlemail com>]

hi there,


im using nmap as sysadmin for quite a long time now, still loving it.

and i dont know if its a kind of noob-question ;-)

lately a had some more rendevouz with nmap, scanning a whole
network for whatever we find.

then we came across the idle-scan method, had some fun
using voip-phones and printers as zombies and build a wrapper
around nmap to give a nice list on probably detected zombies of
a given network.

but then we discovered, that nearly any windows-machine we scanned,
from win2000/win2003/xp and even server2008 would give a great zombie ...

i searched the web and did not found much info on that windows-issue.
so, i ask you: is that known and old stuff? i  just started using the
idle-method for fun and not profit (i'm not a hacker, so i had no need
to hide my scans,
i was more interested in detection what was able to detect), and since
i'm subscribed to
the list just a couple of weeks ago, maybe i missed some discussions that
where done earlier.


regards,


mex
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/