Nmap Announce mailing list archives
Re: Are these signatures nmap?
From: Denis Ducamp <Denis.Ducamp () hsc fr>
Date: Tue, 23 May 2000 06:38:03 +0200
On Mon, May 22, 2000 at 08:25:19AM -0500, Lance Spitzner wrote:
> Recently my network was scanned. I do not think this was nmap. If not, does anyone have any idea which tools this was?
I have no idea which "scanner" it is but I couldn't use such packets to scan a host. Tried against linux 2.2.13 and WinNT4SP5 but none of them replied. I don't think that it's a port scanner.

Here are tests with hping as a traceroute program:

# hping -F -R -P -s 31337 -k -p <open port> -T -t 1 <server>
...
10->TTL 0 during transit from A.B.C.D (...)
11->TTL 0 during transit from E.F.G.H (...)
12->TTL 0 during transit from I.J.K.L (...)

# hping -F -R -P -s 31337 -k -p <closed port> -T -t 1 <server>
...
10->TTL 0 during transit from A.B.C.D (...)
11->TTL 0 during transit from E.F.G.H (...)

They stop at different places so that seems to be a packet filter test.
> 05/20-17:06:45.061034 192.160.13.4:31337 -> 172.16.1.101:1 TCP TTL:44 TOS:0x10 ID:242 ***FRP** Seq: 0xA1D95 Ack: 0x53 Win: 0x400
Snort is a great tool too ;-)

Denis Ducamp.

--
Denis.Ducamp () hsc fr -- Hervé Schauer Consultants -- http://www.hsc.fr/
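
Added example, not part of the original message or of Snort: a small parser for the Snort header line quoted above that decodes the TCP flag field and reports why the packet does not look like normal traffic. The regular expression, the function names and the heuristics are assumptions made for illustration; BENIGN_LINE is a constructed sample.

```python
import re

# Layout of the Snort header line as it appears in the quoted log entry.
LINE_RE = re.compile(
    r"(?P<ts>\S+) (?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"TCP TTL:(?P<ttl>\d+) TOS:(?P<tos>0x[0-9A-Fa-f]+) ID:(?P<id>\d+) "
    r"(?P<flags>\S{8}) Seq: (?P<seq>0x[0-9A-Fa-f]+) Ack: (?P<ack>0x[0-9A-Fa-f]+) "
    r"Win: (?P<win>0x[0-9A-Fa-f]+)"
)
# Flags are decoded by letter, not by position in the 8-character field.
FLAG_NAMES = {"S": "SYN", "F": "FIN", "R": "RST", "P": "PSH", "A": "ACK", "U": "URG"}

# The entry quoted in the message above.
PAGE_LINE = ("05/20-17:06:45.061034 192.160.13.4:31337 -> 172.16.1.101:1 TCP TTL:44 "
             "TOS:0x10 ID:242 ***FRP** Seq: 0xA1D95 Ack: 0x53 Win: 0x400")
# Constructed sample: an ordinary SYN, for comparison.
BENIGN_LINE = ("05/20-17:07:01.000000 192.0.2.10:40000 -> 172.16.1.101:80 TCP TTL:60 "
               "TOS:0x0 ID:1234 **S***** Seq: 0x1F00 Ack: 0x0 Win: 0x2000")

def parse(line):
    """Return the header fields as a dict, or None if the line does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "ttl", "id"):
        rec[key] = int(rec[key])
    for key in ("seq", "ack", "win"):
        rec[key] = int(rec[key], 16)
    rec["flags"] = {FLAG_NAMES[c] for c in rec["flags"] if c in FLAG_NAMES}
    return rec

def anomalies(rec):
    """Heuristics (assumed for this example) for flag sets no normal TCP stack sends."""
    flags, found = rec["flags"], []
    if not flags:
        found.append("no flags set")
    if {"FIN", "RST"} <= flags:
        found.append("FIN and RST set together")
    if "SYN" in flags and flags & {"FIN", "RST"}:
        found.append("SYN combined with FIN or RST")
    if "ACK" not in flags and rec["ack"] != 0:
        found.append("ACK flag clear but Ack number is non-zero")
    return found

if __name__ == "__main__":
    for line in (PAGE_LINE, BENIGN_LINE):
        rec = parse(line)
        print(rec["src"], rec["sport"], sorted(rec["flags"]), anomalies(rec))
```
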