Nmap Announce mailing list archives
Re: fooling nmap
From: Lance Spitzner <lance () ksni net>
Date: Thu, 10 Feb 2000 18:16:25 -0600 (CST)
On Thu, 10 Feb 2000, Bep Verberk wrote:
BTW, anyone working on an ID tool that fingerprints nmap ? Something that would identify an nmap scan, the type of scan, the version of nmap, the OS the scan was run from, etc.
Marty Roesch and Fyodor are competing on this one. Marty develops a signature for snort, Fyodor defeats it. It all depends who has the lead in the arms race. By the way, snort is a handly little IDS/sniffer utility, you can find it at http://www.clark.net/~roesch/security.html for the latest signatures (including nmap), check out http://www.whitehats.com Lance Spitzner http://www.enteract.com/~lspitz/papers.html
Current thread:
- Intrusion detection question. Daniel Swan (Feb 09)
- Re: Intrusion detection question. Vanja Hrustic (Feb 09)
- Re: Intrusion detection question. Jose Nazario (Feb 10)
- fooling nmap Bep Verberk (Feb 10)
- Re: fooling nmap Lance Spitzner (Feb 10)
- Re: fooling nmap CyberPsychotic (Feb 11)
- Re: fooling nmap Vanja Hrustic (Feb 11)
- Re: fooling nmap The Cyberiad (Feb 11)
- Re: Intrusion detection question. Vanja Hrustic (Feb 09)
- Re: Intrusion detection question. Tomi Ollila (Feb 10)
- Re: Intrusion detection question. Michel Arboi (Feb 14)
- Re: Intrusion detection question. Tomi Ollila (Feb 21)