Nmap Development mailing list archives
Re: FYI regarding nmap-payloads, Snort evasion, etc.
From: David Fifield <david () bamsoftware com>
Date: Fri, 20 Apr 2012 16:41:30 -0700
On Fri, Apr 20, 2012 at 04:37:27PM -0500, Daniel Miller wrote:
I ran across this while testing scan types against Snort IDS. Two of the payloads (xdmcp for 177/udp and Amanda for 10080/udp) trigger two default rules (sid:1867 and sid:634) when directed from external to internal addresses. After some thought, I considered implementing an option to turn off payloads, listing it under IDS evasion methods. However, after digging in the code, I found out that using --data-length 0 would have the exact same effect (as far as I am aware).
Yes --data-length 0 is the way to turn off UDP payloads. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- FYI regarding nmap-payloads, Snort evasion, etc. Daniel Miller (Apr 20)
- Re: FYI regarding nmap-payloads, Snort evasion, etc. David Fifield (Apr 20)
- Re: FYI regarding nmap-payloads, Snort evasion, etc. Fyodor (Apr 23)