Security Incidents mailing list archives
Re: Mass scan : coordinated or spoofed ?
From: Nicolas GREGOIRE <nicolas.gregoire () 7THZONE COM>
Date: Mon, 26 Feb 2001 19:13:34 +0100
Hi all, I hace received numerous off-list mails after my post. Near all of same were saying that "nmap -D" were used against my ftp box. But can't be Nmap and its -D option !! The logs are not from a fw or IDS but from TCPwrappers. That means that there was a full 3-way handshake ! So, the 4 boxes were really scanning me simultaneously _OR_ that the prober can sniff my responses to these boxes, but he can't spoof any IP address when talking to my Linux 2.4 TCP/IP stack and doing a full connect() ! Here is my problem. Everybody tells me "it's nmap -D", but it can't !!! Any idea ? Nicob
Current thread:
- Mass scan : coordinated or spoofed ? Nicolas GREGOIRE (Feb 21)
- Re: Mass scan : coordinated or spoofed ? Nicolas GREGOIRE (Feb 26)
- <Possible follow-ups>
- Re: Mass scan : coordinated or spoofed ? Nicolas GREGOIRE (Feb 26)