Nmap Announce mailing list archives

Previous By Date Next
Previous By Thread Next

RE: NMAP Identity obscuring

From: "Mike Batchelor" <nmap () bv to>
Date: Sat, 25 Nov 2000 08:43:07 -0800
Ip-filter seems to have some obscuring power too.  Instead of just dropping
packets, I configured IP-filter to send TCP RST for closed ports, and ICMP
for closed UDP ports.  Nmap therefore gets responses to closed ports from
IP-filter, instead of from the Solaris stack.  I do not block packets with
options, or short packets.

No OS matches for host (If you know what OS is running on it, see
http://www.insecure.org/cgi-bin/nmap-submit.cgi).
TCP/IP fingerprint:
SInfo(V=2.54BETA7%P=sparc-sun-solaris2.6%D=11/25%Time=3A1FE950%O=21%C=1)
TSeq(Class=RI%gcd=1%SI=90EE)
TSeq(Class=RI%gcd=1%SI=BA5A)
TSeq(Class=RI%gcd=1%SI=73B9)
T1(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
T2(Resp=Y%DF=Y%W=0%ACK=S%Flags=AR%Ops=)
T3(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
T4(Resp=Y%DF=Y%W=0%ACK=O%Flags=AR%Ops=)
T5(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=Y%W=0%ACK=O%Flags=AR%Ops=)
T7(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
PU(Resp=N)

Target is SunOS u1 5.7 Generic_106541-09 sun4u sparc SUNW,Ultra-1.  The only
ndd tune I did is to turn on ip_forwarding.

---
www.nosig4u.com


--------------------------------------------------
For help using this (nmap-hackers) mailing list, send a blank email to 
nmap-hackers-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
Previous By Date Next
Previous By Thread Next

Current thread: