Security Incidents mailing list archives

Re: Mass scan : coordinated or spoofed ?


From: Nicolas GREGOIRE <nicolas.gregoire () 7THZONE COM>
Date: Mon, 26 Feb 2001 19:13:34 +0100

Hi all,

I have received numerous off-list mails after my post.
Nearly all of them were saying that "nmap -D" was used against my ftp
box.

But it can't be Nmap and its -D option!!

The logs are not from a fw or IDS but from TCPwrappers.
That means that there was a full 3-way handshake!
So, the 4 boxes were really scanning me simultaneously _OR_ the
prober can sniff my responses to these boxes, but he can't spoof any IP
address when talking to my Linux 2.4 TCP/IP stack and doing a full
connect()!

Here is my problem.
Everybody tells me "it's nmap -D", but it can't be!!!

Any ideas?

Nicob
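
The point made in the message above is that a TCP wrappers entry is written only once a connection has been accepted, so each logged source completed the handshake. As an added example (not part of the original post), this script groups such entries by service and reports bursts where several distinct sources connected within a few seconds. The log lines are constructed samples in the usual tcpd syslog "connect from" shape, and the window and threshold values are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines (documentation addresses), not the poster's logs.
SAMPLE_LOG = """\
Feb 26 18:02:11 ftpbox in.ftpd[2101]: connect from 192.0.2.10
Feb 26 18:02:11 ftpbox in.ftpd[2102]: connect from 198.51.100.7
Feb 26 18:02:12 ftpbox in.ftpd[2103]: connect from 203.0.113.44
Feb 26 18:02:12 ftpbox in.ftpd[2104]: connect from 192.0.2.200
Feb 26 18:40:03 ftpbox in.ftpd[2177]: connect from 198.51.100.99
Feb 26 18:40:30 ftpbox in.telnetd[2180]: connect from 198.51.100.99
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ (?P<svc>[\w.\-]+)\[\d+\]: "
    r"connect from (?P<src>\S+)$"
)

def parse(log, year=2001):
    """Yield (timestamp, service, source) for each 'connect from' line."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # syslog omits the year, so it is supplied by the caller
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["svc"], m["src"]

def simultaneous_sources(log, window_s=5, min_sources=3):
    """Return (service, first_seen, sources) for each burst in which at least
    min_sources distinct hosts completed a connection within window_s seconds."""
    window = timedelta(seconds=window_s)
    by_service = {}
    for ts, svc, src in sorted(parse(log)):
        by_service.setdefault(svc, []).append((ts, src))
    bursts = []
    for svc, events in by_service.items():
        i = 0
        while i < len(events):
            start = events[i][0]
            in_window = [e for e in events[i:] if e[0] - start <= window]
            sources = sorted({src for _, src in in_window})
            hit = len(sources) >= min_sources
            if hit:
                bursts.append((svc, start, sources))
            i += len(in_window) if hit else 1  # skip past a reported burst
    return bursts

if __name__ == "__main__":
    for svc, start, sources in simultaneous_sources(SAMPLE_LOG):
        print(f"{start:%b %d %H:%M:%S} {svc}: {len(sources)} sources {sources}")
```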

