Nmap Announce mailing list archives
RE: NMAP Identity obscuring
From: "Mike Batchelor" <nmap () bv to>
Date: Sat, 25 Nov 2000 08:43:07 -0800
Ip-filter seems to have some obscuring power too. Instead of just dropping packets, I configured IP-filter to send TCP RST for closed ports, and ICMP for closed UDP ports. Nmap therefore gets responses to closed ports from IP-filter, instead of from the Solaris stack. I do not block packets with options, or short packets.

No OS matches for host (If you know what OS is running on it, see http://www.insecure.org/cgi-bin/nmap-submit.cgi).
TCP/IP fingerprint:
SInfo(V=2.54BETA7%P=sparc-sun-solaris2.6%D=11/25%Time=3A1FE950%O=21%C=1)
TSeq(Class=RI%gcd=1%SI=90EE)
TSeq(Class=RI%gcd=1%SI=BA5A)
TSeq(Class=RI%gcd=1%SI=73B9)
T1(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
T2(Resp=Y%DF=Y%W=0%ACK=S%Flags=AR%Ops=)
T3(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
T4(Resp=Y%DF=Y%W=0%ACK=O%Flags=AR%Ops=)
T5(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=Y%W=0%ACK=O%Flags=AR%Ops=)
T7(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
PU(Resp=N)

Target is SunOS u1 5.7 Generic_106541-09 sun4u sparc SUNW,Ultra-1. The only ndd tune I did is to turn on ip_forwarding.

--- www.nosig4u.com
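An added example, not part of the original post: a small Python parser for the fingerprint text quoted above, which groups the T1-T7 results by identical attributes so you can see how uniform the filtered host's replies are. The function names are hypothetical; the fingerprint lines are copied from the post.

```python
import re
from collections import defaultdict

# Fingerprint lines copied from the post above (nmap 2.54BETA7 output format).
FINGERPRINT = """\
SInfo(V=2.54BETA7%P=sparc-sun-solaris2.6%D=11/25%Time=3A1FE950%O=21%C=1)
TSeq(Class=RI%gcd=1%SI=90EE)
TSeq(Class=RI%gcd=1%SI=BA5A)
TSeq(Class=RI%gcd=1%SI=73B9)
T1(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
T2(Resp=Y%DF=Y%W=0%ACK=S%Flags=AR%Ops=)
T3(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
T4(Resp=Y%DF=Y%W=0%ACK=O%Flags=AR%Ops=)
T5(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=Y%W=0%ACK=O%Flags=AR%Ops=)
T7(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
PU(Resp=N)
"""

LINE_RE = re.compile(r"^(\w+)\((.*)\)$")
TCP_TEST_RE = re.compile(r"T[1-7]")

def parse_fingerprint(text):
    """Return [(test_name, {attr: value})] in input order (TSeq may repeat)."""
    results = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip blank or non-fingerprint lines
        attrs = {}
        for field in filter(None, m.group(2).split("%")):
            key, _, value = field.partition("=")
            attrs[key] = value  # empty value (e.g. "Ops=") is kept as ""
        results.append((m.group(1), attrs))
    return results

def group_identical_tcp_tests(parsed):
    """Group T1..T7 by identical attribute sets; fewer groups = more uniform."""
    groups = defaultdict(list)
    for name, attrs in parsed:
        if TCP_TEST_RE.fullmatch(name):
            groups[tuple(sorted(attrs.items()))].append(name)
    return sorted(groups.values())

def differing_attrs(parsed):
    """Attributes whose value varies anywhere across T1..T7."""
    tcp = [a for n, a in parsed if TCP_TEST_RE.fullmatch(n)]
    keys = set().union(*tcp)
    return sorted(k for k in keys if len({a.get(k) for a in tcp}) > 1)
```

Run against the fingerprint in the post, the seven TCP tests fall into three groups that differ only in the ACK attribute.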