Nmap Announce mailing list archives

Re: fooling nmap

From: Lance Spitzner <lance () ksni net>
Date: Thu, 10 Feb 2000 18:16:25 -0600 (CST)

On Thu, 10 Feb 2000, Bep Verberk wrote:

BTW, anyone working on an ID  tool that fingerprints nmap ?  Something that
would identify an nmap scan, the type of scan, the version of nmap, the OS the
scan was run from, etc.


Marty Roesch and Fyodor are competing on this one.  Marty develops a signature
for snort, Fyodor defeats it.  It all depends who has the lead in the arms
race.  By the way, snort is a handly little IDS/sniffer utility, you can find
it at 

http://www.clark.net/~roesch/security.html

for the latest signatures (including nmap), check out

http://www.whitehats.com

Lance Spitzner
http://www.enteract.com/~lspitz/papers.html

Current thread:

Intrusion detection question. Daniel Swan (Feb 09)
- Re: Intrusion detection question. Vanja Hrustic (Feb 09)
  - Re: Intrusion detection question. Jose Nazario (Feb 10)
  - fooling nmap Bep Verberk (Feb 10)
    - Re: fooling nmap Lance Spitzner (Feb 10)
    - Re: fooling nmap CyberPsychotic (Feb 11)
    - Re: fooling nmap Vanja Hrustic (Feb 11)
    - Re: fooling nmap The Cyberiad (Feb 11)
- Re: Intrusion detection question. Michel Arboi (Feb 10)
  - Re: Intrusion detection question. Tomi Ollila (Feb 10)
    - Re: Intrusion detection question. Michel Arboi (Feb 14)
    - Re: Intrusion detection question. Tomi Ollila (Feb 21)
  - Re: Intrusion detection question. Bart van Leeuwen (Feb 10)